fyx

Full time cyber, part time CTF player.
This website contains some of the work I've made public.
Website is a work in progress... YMMV.

code

dreamcatcher, a TCP listener which allows the same port to be used as a HTTP file server (similarly to python's SimpleHTTPServer) and handle's other TCP connections similarly to netcat.
blistener, a Blind-XSS listener with javascript payloads to retrieve the target user's browser data including cookies, local/session storage, html code (and optionally a screenshot) of current page (also works as a HTTP listener)
genx, a fast alternative domain name generator to help in generating potential subdomains of a target. Useful when starting recon on a domain.
dnsfaster, a tool to benchmark DNS resolvers in order to find resolvers with the highest speed and accuracy.
short domain finder, a golang application which aims to find the shortest available domain based on user parameters (ie. length, domain extension). How I found this domain

CRC-32 hash collider, an application which finds a CRC-32 hash collision based on a provided CRC-32 value and a charset.

BSD rootkit, a BSD rootkit and rootkit detector (written for research & education)

silentbook, Proof-of-Concept app allowing encrypted messaging over Facebook messenger using AES-256 encryption

other: github.com/fyxme

[July 2021] HackTheBox - Take It Easy Dare, a number of retired easy boxes that were made available for everyone during the month of July
[July 2021] Hacky holidays - Space Race, awesome 3 week long CTF hosted by Deloitte Netherlands

[redteam] Dreams :: Using PrintNightmare to exploit a vulnerable DC
[redteam] Scorching :: NTLM hash cracking and kerberoasting
[web] Skylark Capsule :: Weak JWT secret cracking. CRC-32 hash collision to login to admin
[pwn] Deleted Flag :: Bypass seccomp to read a flag from an open file descriptor

Older CTF writeups currently reside on github: github.com/fyxme/writeups.