fyx
This website contains some of the work I've made public.
Website is a work in progress... YMMV.
code
tools
- dreamcatcher, a TCP listener which allows the same port to be used as a HTTP file server (similarly to python's SimpleHTTPServer) and handle's other TCP connections similarly to netcat.
- blistener, a Blind-XSS listener with javascript payloads to retrieve the target user's browser data including cookies, local/session storage, html code (and optionally a screenshot) of current page (also works as a HTTP listener)
- genx, a fast alternative domain name generator to help in generating potential subdomains of a target. Useful when starting recon on a domain.
- dnsfaster, a tool to benchmark DNS resolvers in order to find resolvers with the highest speed and accuracy.
- short domain finder, a golang application which aims to find the shortest available domain based on user parameters (ie. length, domain extension). How I found this domain
research
- CRC-32 hash collider, an application which finds a CRC-32 hash collision based on a provided CRC-32 value and a charset.
- BSD rootkit, a BSD rootkit and rootkit detector (written for research & education)
- silentbook, Proof-of-Concept app allowing encrypted messaging over Facebook messenger using AES-256 encryption
other: github.com/fyxme
writeups
post-mortems
- [July 2021] HackTheBox - Take It Easy Dare, a number of retired easy boxes that were made available for everyone during the month of July
- [July 2021] Hacky holidays - Space Race, awesome 3 week long CTF hosted by Deloitte Netherlands
CTF
- [redteam] Dreams :: Using PrintNightmare to exploit a vulnerable DC
- [redteam] Scorching :: NTLM hash cracking and kerberoasting
- [web] Skylark Capsule :: Weak JWT secret cracking. CRC-32 hash collision to login to admin
- [pwn] Deleted Flag :: Bypass seccomp to read a flag from an open file descriptor
Older CTF writeups currently reside on github: github.com/fyxme/writeups.
boot2root
- active :: Windows | Kerberoasting | Active Directory | Powershell
- bastion :: Windows | Powershell | File Misconfiguration
- forest :: Windows | Powershell | FKerberoasting | Active Directory
- heist :: Windows | Web | Process Inspection
- openadmin :: Linux | Web | File Misconfiguration
- traverxec :: Linux | Web | File Misconfiguration
- shocker :: Linux | Perl | Web | Injection
- writeup :: Linux | Web | SQL | SQLi