This Side of Paradise

Of late, I have been working on immersive labs for quite some time, and I’ve managed to complete around 60 odd challenges (With a few more in progress). Since the challenges are not retired, I cannot publish solutions to the challenges on the public internet - hence, I’m creating this index page to list down the interesting challenges I’ve completed. Each of the entry below has a corresponding blog post that has not been published.

Flare-on is a premier windows based reverse engineering CTF that has been running for 10 years now. I’ve attempted the challenge every year and I’ve not been able to go past the first challenge (which is usually a warm-up that takes about 15-20 min to solve). However, that changed this year, when I solved two (yes TWO! 😁) challenges. By the time I reached the third challenge, I had read enough about it from people who had solved it that it was way above my skill levels at this point of time.

So, LastPass posted a blog post last night with further details on the breach that occurred in Aug 2022. It’s a lot worse than what was thought. To summarise: “Some source code and technical information” was stolen from a development environment. We should assume at this point that the threat actor has access to the entire code base. The above information was used to social engineer a developer to obtain credentials and keys to access their cloud based backup storage (presumably an S3 bucket?

I finally went and did it - I got my custom domain (www.three10.io) to host my personal website. I was in two minds, but there were a few reasons that pushed me towards hosting myself on a custom domain. I own my content - I learnt this the hard way when the site hosting my first blog (somewhere in 2003 / 2004 I think) shuttered down. I had absolutely no backups, and everything I wrote was pretty much gone.

Nullcon is probably the oldest security conference happening in India - The first memories I have of it are writing a paper / presentation for the 2014 CFP, way back in late 2013. However, its another story that I didn’t send it out. When I joined my current company in early 2014, I saw that they were sending people to the training sessions - I got kicked out of the list in the first year as I was the “new joiner”.

I finally sold my MBP today, and it’s hard to say goodbye to my primary system that I’ve used over the last 7 years. The laptop is still in a superb condition and If only I could upgrade the internals, I would have kept it. Many fond memories with this one - I will miss you a lot. Loved the keyboard, trackpad and that touch of brushed aluminium when working on something.

Managed to wake up early again today after a brief bout of sickness (seasonal flu), and configured / installed the new router. The home router is probably the most crucial (and the most under-rated) part of the computing environment at any home today. A good router is invisible, chugging away in the background and serving content at max speed to all of its connected clients - on the other hand, a lousy router makes its presence felt very obviously - bad Wi-Fi speeds, frequent disconnects and a generally miserable experience for the user (and even more so for the person maintaining the network).

I’ve spent a lot of time (and money of course) over computer hardware ever since I started my association with computing more than 20 years back. I’ve gone through lots of hardware, that I’m probably too old to remember (but I’ll try to write up a separate post on that sometime), but here’s what I’m using right now! Personally I use 4 devices primarily, and planning to go down to 3 with the next iteration

Testing out a small post to see if this works. If it does, then I can post, sync (via git) and update the blog on the go. This could be game changing! That’s how I started this post - and it works spectacularly. The gives me the capability to manage the blog on the go, even from my phone. This automation setup has enabled me to just focus on writing - publishing and version controlling is done automatically and I can go from writing to being live on the web in a couple of taps.

I am a huge fan of CTF’s and play them at every available opportunity to sharpen my skills and keep them up to date. One of the biggest challenges for playing a CTF is to ensure that the VM’s to be used during the event are always up to date and have all of the tools ready. I usually do this before a day, so it is a full day of running apt-get update and check for updates for a whole day before.