https://blog.ajsmith.org/
Andy Smith
Cybersecurity and digital forensics posts from a GMU student.
2023-02-19T23:53:09-05:00
© 2023 Andy Smith
Creating your own Certificate Authority and Using TLS Client Certificates (mTLS)
2022-09-30T00:00:00-04:00
https://blog.ajsmith.org/posts/Creating-your-own-Certificate-Authority-and-Using-TLS-Client-Certificates-mTLS/
Andy Smith
In this article, I’ll go over how to set up your own public key infrastructure (PKI) by creating a private certificate authority (including both a root and an intermediate CA), creating TLS client certificates for TLS mutual authentication (mTLS), and generating and using code signing certificates.
Prerequisites
Python 3.8+
A command line
Getting Started
Whether you’re running interna...
Introduction to Web Exploitation
2022-05-11T00:00:00-04:00
https://blog.ajsmith.org/posts/Introduction-to-Web-Exploitation/
Andy Smith
In this article, I’ll go over how to start doing web challenges in capture-the-flag (CTF) competitions from the ground up. This is adapted from a talk I gave at MasonCC, the cybersecurity club at George Mason University.
What is “Web”?
When someone says web, they really just mean communication between a web server and a web client (such as a web browser). There are many different web servers ...
Forensic Analysis of Citymapper for Android
2021-11-28T15:20:00-05:00
https://blog.ajsmith.org/posts/Forensic-Analysis-of-Citymapper-for-Android/
Andy Smith
Abstract/BLUF
The goal of this project is to analyze the Citymapper app on Android and search for forensic artifacts present in its configuration and storage files. Citymapper is a navigation app focused on pedestrian and public transit navigation in intracity areas. Citymapper only requires a logical extraction to obtain its configuration files and main database. This means that the device do...
Useful Security Tools
2018-07-04T19:24:00-04:00
https://blog.ajsmith.org/posts/Useful-Security-Tools/
Andy Smith
This is an incomplete list of some useful security tools.
Forensics
FTK Imager
NTFS imager that lets you browse all data in an NTFS partition. Useful for discovering NTFS-specific data such as security IDs of computers a partition has been connected to.
Volatility
Memory forensics tool
Binwalk
Looks for headers inside of files to find data structures or files inside of files.
Foremost
Sear...
PicoCTF 2017 Writeups
2018-01-27T01:51:53-05:00
https://blog.ajsmith.org/posts/PicoCTF-2017-Writeups/
Andy Smith
Forensics
Digital Camouflage (50pts)
Instructions
We need to gain access to some routers. Let’s try and see if we can find the password in the captured network data: data.pcap.
Hints
It looks like someone logged in with their password earlier. Where would log in data be located in a network capture?
If you think you found the flag, but it doesn’t work, consider that the data may be e...