It’s wild when you accidentally step upon something intended, yet benign? Something like that happened a few months back when I was volunteering at DEF CON Delhi Group 9111, managing the CTF infrastructure. The story As any sane & quick CTF organizer, the approach was simple. Registrations and challenge descriptions hosted on CTFd. Challenges themselves were dockerized and deployed as their own containers inside a Ubuntu Server VM. An nginx reverse-proxy to handle traffic on the basis of FQD...| Mayank Malik
Arctic Liquid Freezer II 360 Arctic Liquid Freezer III 240 Arctic Liquid Freezer III 280 Arctic Liquid Freezer III 360 Arctic Liquid Freezer III 420
Introduction 💡 DISCLAIMER: The content presented in this write-up is for educational purposes only. It demonstrates concepts related to computer security, system processes, and vulnerabilities. The information provided is not intended to encourage or condone any form of malicious activity. Users are expected to use this knowledge responsibly, ethically, and in compliance with all applicable laws and regulations. The author does not endorse or support any illegal or unauthorized use of the ...
Objective The objective of this thermal paste evaluation was to assess and compare the performance of eight different thermal pastes under controlled testing conditions. The primary focus was to analyze their thermal conductivity, heat dissipation capabilities, and overall effectiveness in final performance available via thermal headroom. By conducting a series of systematic tests, we aimed to provide valuable insights and data-driven recommendations to aid in the selection of the most suitab...
What is Overclocking a GPU? Overclocking a GPU refers to the process of increasing its clock speeds beyond the manufacturer’s specified limits. The core clock, memory clock, and sometimes voltage can be adjusted to achieve higher performance levels. Here are the pros and cons of overclocking: Pros: Increased Performance: Overclocking can provide a significant boost in GPU performance, resulting in higher frame rates in games, faster rendering times in creative applications, and improved ove...
What is Undervolting a GPU? Undervolting a GPU refers to the process of reducing the default voltage supplied to the graphics processing unit. GPUs are typically set to run at a specific voltage by the manufacturer, but undervolting allows users to lower that voltage while maintaining stable performance. Pros Reduced Power Consumption: Undervolting lowers the voltage supplied to the GPU, resulting in reduced power consumption. This can lead to lower electricity bills and increased energy effi...
1. Executive Summary A. Fingerprinting MD5: 459aad8cc95d9fe2bd1d3199966289f7 SHA256: eb22d542b3b6e69a98801ff7843fa6981b13ca8628a5382cfdc0f713cdb72cba VirusTotal Report: https://www.virustotal.com/gui/file/eb22d542b3b6e69a98801ff7843fa6981b13ca8628a5382cfdc0f713cdb72cba B. Classification Infostealer, used to harvest stored credentials and session objects from browsers installed on the machine. C. Behavioral Summary The malware is a PyInstaller packed executable, with slight obfuscation. When t...
1. Executive Summary A. Fingerprinting MD5: 425cf022932c7ace6542f18af4fbac2a SHA256: b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d VirusTotal Report: https://www.virustotal.com/gui/file/b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d/detection/f-b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d-1668189288 B. Classification The AveMariaRat is a Remote Access Trojan that allows the attacker to connect and control the victim’s machine through ...
1. Executive Summary A. Fingerprinting MD5: c5782ebad92661d4acfacaf4daa1fc52 SHA256: 1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e VirusTotal Report: https://www.virustotal.com/gui/file/1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e B. Classification PirateStealer is a new Info Stealer in the scene. Not much info is provided about this family and the sample is relatively new. No traces have been found on either Malware Bazaar or Malpedia. The sample will be...
Enumeration nmap Scan # Nmap 7.92 scan initiated Mon Apr 11 15:07:52 2022 as: nmap -sC -sV -T3 -oN nmap.all-port.txt -vv -p- 10.10.11.143 Nmap scan report for 10.10.11.143 (10.10.11.143) Host is up, received echo-reply ttl 63 (0.084s latency). Scanned at 2022-04-11 15:07:58 IST for 54s Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.0 (protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.
Enumeration nmap scan Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-24 06:52 IST Nmap scan report for 10.129.110.180 (10.129.110.180) Host is up (0.075s latency). Not shown: 65530 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA) | 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA) |_ 256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40...
Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-04 07:55 IST Nmap scan report for 10.129.136.40 (10.129.136.40) Host is up (0.080s latency). Not shown: 65534 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) | ssl-cert: Subject: commonName=atsserver.acute.local | Subject Alternative Name: DNS:atsserver.acute.local, DNS:atsserver | Not valid before: 2022-01-06T06:34:58 |_Not valid after: 2030-01-04T06:3...
Enumeration nmap # Nmap 7.92 scan initiated Sun Jul 3 11:41:02 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Nmap scan report for 10.129.25.107 (10.129.25.107) Host is up (0.080s latency). Not shown: 65533 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 7680/tcp open pando-pub? 8080/tcp open http Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6) |_http-title: mrb3n's Bro Hut |_http-open-proxy: Proxy might be redirecting requests |_http-server-header: Apache/...
Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-01 08:36 IST Nmap scan report for 10.129.136.44 (10.129.136.44) Host is up (0.078s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2 (protocol 2.0) | ssh-hostkey: | 3072 be:66:06:dd:20:77:ef:98:7f:6e:73:4a:98:a5:d8:f0 (RSA) | 256 1f:a2:09:72:70:68:f4:58:ed:1f:6c:49:7d:e2:13:39 (ECDSA) |_ 256 70:15:39:94:c2:cd:64:cb:b2:3b:d1:3e:f6:09:44:e8 (ED25519) 80/tcp open http Apac...
Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-02 16:27 IST Nmap scan report for 10.129.187.31 (10.129.187.31) Host is up (0.081s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 72:d4:8d:da:ff:9b:94:2a:ee:55:0c:04:30:71:88:93 (RSA) | 256 c7:40:d0:0e:e4:97:4a:4f:f9:fb:b2:0b:33:99:48:6d (ECDSA) |_ 256 78:34:80:14:a1:3d:56:12:b4:0a:98:1f:e6:b4:e8:...
Enumeration nmap # Nmap 7.92 scan initiated Thu Jun 30 18:27:50 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Nmap scan report for 10.129.134.93 (10.129.134.93) Host is up (0.085s latency). Not shown: 65533 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 445/tcp open microsoft-ds? 4386/tcp open unknown | fingerprint-strings: | DNSStatusRequestTCP, DNSVersionBindReqTCP, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RPCCheck, SMBProgNeg, SSLSes...
Enumeration nmap scan # Nmap 7.92 scan initiated Wed Jun 22 05:43:29 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Nmap scan report for 10.129.121.9 (10.129.121.9) Host is up (0.070s latency). Not shown: 65530 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 |_http-title: Fidelity |_http-server-header: Microsoft-IIS/10.0 | http-methods: |_ Potentially risky methods: TRACE 135/tcp open msrpc Microsoft Windows RPC 3306/tcp o...
Enumeration Hostname : book.htb nmap # Nmap 7.92 scan initiated Tue Jun 21 06:08:40 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports.txt -p- -iL ip.txt Nmap scan report for 10.129.95.163 (10.129.95.163) Host is up (0.075s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 f7:fc:57:99:f6:82:e0:03:d6:03:bc:09:43:01:55:b7 (RSA) | 256 a3:e5:d1:74:c4:8a:e8:c8:52:c7:17:83:4...
Have an old router just lying around? Ever wondered how useful that spare device can be? You will, after reading this guide. The OpenWrt Project is a Linux operating system targeting embedded devices. Prerequisites:- i) A compatible router flashed with a supported version of OpenWRT. ( Check it out here!) (**!!IMPORTANT!! **This guide is for GUI-supported versions only. I’ll be doing a Configuration over SSH guide too.)
Researchers: Mayank Malik ( mostwanted002@protonmail.com) Kartik Sharma ( 98kartik.sharma@gmail.com) Severity: Medium Version: 3.0.1 to 7.0.1 Vulnerable Endpoint: http:///avatar/* Overview Grafana is the open-source analytics & monitoring solution for every database. According to Grafana’s patch notes dated June 3rd, 2020, there was an “Incorrect Access Control” vulnerability in Grafana 3.0.1 through Grafana 7.0.1 on the /avatar feature through which an attacker/adversary was able to pe...
An SSRF detection tool to identify web URLs vulnerable to SSRF via HTTP header injection.
A CTF framework (in Flask) for HackTheBox-style machines.
Enumeration NMAP Scan # Nmap 7.92 scan initiated Sun Apr 10 19:53:33 2022 as: nmap -sC -sV -T3 -oN nmap.all-port.txt -vv -p- 10.10.11.148 Nmap scan report for 10.10.11.148 (10.10.11.148) Host is up, received echo-reply ttl 63 (0.078s latency). Scanned at 2022-04-10 19:53:39 IST for 138s Not shown: 65533 filtered tcp ports (no-response) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 (protocol 2.0) | fingerprint-strings: | NULL: |_ SSH-2.
Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 22:44 IST Nmap scan report for 10.129.96.155 (10.129.96.155) Host is up (0.078s latency). Not shown: 65511 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-07-07 10:23:33Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Direc...
Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 07:05 IST Nmap scan report for 10.129.95.180 (10.129.95.180) Host is up (0.071s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 |_http-server-header: Microsoft-IIS/10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-title: Egotistical Bank :: Home 88/tcp open kerberos-sec Microsoft Windows Kerbero...
Enumeration nmap scan Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-29 17:45 IST Nmap scan report for 10.129.134.71 (10.129.134.71) Host is up (0.076s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-29 12:17:20Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows...
Enumeration nmap ➜ mostwanted002@Loki Mango please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-28 04:59 IST Nmap scan report for 10.129.1.219 (10.129.1.219) Host is up (0.080s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 a8:8f:d9:6f:a6:e4:ee:56:e3:ef:54:54:6d:56:0c:f5 (RSA) | 256 6a:1c:ba:89:1e:b0:5...
Enumeration nmap ➜ mostwanted002@Loki Phoenix please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt [sudo] password for mostwanted002: Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-26 19:50 IST Nmap scan report for 10.129.133.247 (10.129.133.247) Host is up (0.075s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 9d:f3:87:cd:34:75:83:e0:3f:50:d8:39:c6...
Enumeration nmap scan ➜ mostwanted002@Loki Forest please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt [sudo] password for mostwanted002: Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-23 18:24 IST Nmap scan report for 10.129.95.210 (10.129.95.210) Host is up (0.074s latency). Not shown: 65512 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-23 13:01:56Z) 135/tcp open...
Contents Disclaimer Introduction ContiLeaks Zipped Locker Unzipped Locker backdoor.js Source Code Analysis: Locker Initialization Command Line Arguments Modifying the Code Searching for Files Cryptanalysis Source Code Analysis: Decryptor Cryptanalysis Performance Conclusion 1. Disclaimer I won’t be releasing/sharing the exact complete source code out of respect for the person because of whom this all was possible.
‘Intel Owl’ is a one-stop destination for all your threat intelligence needs. The application itself was designed with scalability in mind and provides Docker configurations for the same. What if one needs to deploy it for an organisation that actively performs threat intelligence and needs a high-performance application for the same? Well, Intel Owl deployed over GKE (Google Kubernetes Engine) might be able to perform well for that!!