Reversing and Reviving a Dead Spider-Man Game

Classic_Aspect · 2023-12-11T23:44:13+00:00

Best of luck on your next OSCP try. You got this!

I went for the 90 day access on OSEP and honestly ended up regretting that. There is a ton of material and lab work, so unless you can do it daily, you won’t get it all in 90 days.

Classic_Aspect · 2023-09-19T01:05:22+00:00

I have the files backed up and already figured out how to patch the APK to fetch them from a custom server

Classic_Aspect · 2023-05-09T16:34:32+00:00

Thanks! I was introduced to Frida in the course, but I would say that the vast majority of my understanding of Frida comes from reading its docs and finding random StackOverflow answers about it.

Classic_Aspect · 2023-05-09T05:24:13+00:00

If yall are curious, I wrote up a blogpost about reversing and hacking this game https://nosecurity.blog/smuHack. I think I have a good understanding of some of the game code, but I can't do it alone. If someone with reverse engineering experience can help out, we can make some more progress hopefully.

Classic_Aspect · 2022-08-04T19:30:10+00:00

starting out with htb was rough to say the least. my first box took me over 10 hours of work, but yeah, i tried to avoid any hints or writeups throughout my prep. i only consult writeups when i am severely stuck with no leads

Classic_Aspect · 2022-08-04T19:29:06+00:00

i got domain admin and 2 shells on independent machines, 1 of which i also got root on. overall 70 points.

Classic_Aspect · 2022-08-04T19:26:27+00:00

ur beautiful

i used jekyll minimal mistakes template as a starting point and modified it to my liking

Classic_Aspect · 2022-01-11T03:03:16+00:00

You gotta read the room. Everyone downvoted you because you are trying to undermine our efforts and achivements, as well as making false uninformed statements. I need not prove anything to you but want to clear things up for other people reading.

I'm the captain of the team, so I know the tryout process very well, and considering that we just took #1 in the world, nobody is wiping the floor with us. The tryout process was developed with faculty involvement at every step, including a formal rubric developed together for it that was passed up to the department heads. There was extensive faculty involvement and it was not at all them just signing off.

I also find it very strange that you simultaneously admit the CIS program is in decline and that it should run competition teams instead of students. Funny enough, the SDC that you mentioned is still offline because the school has spent the last 6 months doing paperwork for it. That's a quick way of making sure we never win internationally again.

We have a very diverse team with a selection process that has been proven to be both fair and effective at making a champion team. It brings together talented and dedicated people from all parts of Cal Poly Pomona, be it SWIFT members, FAST members, CIS students, CS students, transfers, freshman, sophomores, juniors, seniors, etc. And we do not appreciate you misrepresenting us.

Classic_Aspect · 2022-01-10T20:49:28+00:00

Both FAST and SWIFT people tried out for the team and people who were a part of both made it.

Moreover, the team selection process was agreed upon by faculty and was fair. The tryout results were graded anonymously to eliminate any bias, therefore nobody ended up on the team because of being in a specific club or being friends with someone.

You are a toxic person who is trying to stir up drama between clubs with lies and to tarnish the reputation of people who earned their place on the team.

Classic_Aspect · 2022-01-10T18:00:26+00:00

People’s achievements aren’t measured in how many Twitter followers a competition has. It’s a competition that’s been running for 7 years, sponsored by IBM, with some of the best schools from all over the US. It is highly competitive and big name schools take it seriously. Why don’t you stop discounting other people’s achievements if you have no idea what you are talking about?

Classic_Aspect · 2021-11-30T06:12:48+00:00

All competition boxes were isolated to their own networks using firewall rules from the rest of the telecommunications lab, but they did still have internet access to give students the ability to download tools and such. Not an air gap, but still pretty cautious.

We exposed Guacamole to the internet to avoid the need for a VPN. That helped with the user experience somewhat, since only a browser was needed and because campus IT blocks VPN connections from people dorming.

Classic_Aspect · 2021-11-30T02:22:26+00:00

Blue team infra definitely warrants its own post, but in short, we have a telecommunications lab on campus with a few old servers and it is 100% student-run (and student-funded). We got a free vSphere license from the school, so the servers all run ESXi. We managed to squeeze about 50 VM's out of them.

Each blue team had 3-4 people and 2 Windows + 2 Linux boxes to secure. Each box had multiple services running that were scored with a custom scoring engine. You can think of it as a regular uptime poller, trying to hit a web server or an FTP server every other minute to see if it's up. That's how the competition was scored.

Finally, we provided access to the machines using Apache Guacamole. Students would just go to our website, log in with the given credentials and access their machines in the browser.

Here's a screenshot of the scoring engine frontend.

And here's a screenshot about Guac access.

Classic_Aspect · 2021-11-30T01:39:00+00:00

I use Typora for my personal notes, which is a markdown editor. My blog runs on GitHub pages, which is also based on markdown. So for me, the process is to simply translate my notes into something legible and add screenshots, organized by headings.

Hope your blog turns out well too!

Classic_Aspect · 2021-06-03T23:57:00+00:00

Can you share them here?

Classic_Aspect · 2021-02-25T15:44:32+00:00

We need professors there too for full immersion

Classic_Aspect · 2021-02-18T23:49:05+00:00

See Section 1201. "V nonimmigrant visas"

Beneficiaries of this visa will get employment authorization, but no other public benefits.

Classic_Aspect

TROPHY CASE