Welcome to my Ruby Blog!
On this blog you will find diverse information, a big part of which helped me study better for computer security challenges. Here I decided to share some of the material in form of easily comprehensible guides. This knowledge can applied in practice at your next CTF challenge.
At times, I also share some of my projects or write about other things that are on different tangents with classic CTFs, however, they all build a big part of understanding how things work. Here you might find one day useful tips on how to prevent your augmentations getting hacked ;)
The site runs on Ruby on Rails 6 and at the moment it is designed to offer the basic functionality a readable page should.
If you like how this page is built, you can find the source of a more ancient version which runs on rails 3 here https://github.com/TP19/rblog, though I will share at a later point the source code for this one as well.
Check out the scripts and projects to the articles here https://github.com/TP19/ZonaIncognita-Scripts. Some projects are not within the repository, but where is the case, you will find the corresponding links in the articles.
It is worth mentioning:
"Hacking is really just the act of finding a clever and counterintuitive solution to a problem" - Jon Erickson
Binary Exploitation (PWN)
In this section will be referenced methods that build up the understanding how to interact and exploit the file system.
To exploit a Linux system, it is neccessary to understand well how the applications, processes, memory work and are connected. It also implies a good understanding of few scripting and programming concepts, mostly used in assembly and C. A starting point in concepts that the readers should be quite comfortable with to be well prepared in advancing in this topic and processing other posts in this section, are described in Assembly References
and Binary Files and Processes in Linux
Debugging, disassembling, decompiling, patching, emulating - these are all topics that every reverse engineer has to deal with. Not every developer is a reverse engineer, but reverse engineers must put themselves and become developers to understand the hidden patterns in the software they are trying to read. A lot depends on the complexity of the software. In some software the answer can be found just by decompiling, but in other cases, reverse engineers might need to write a version of the software themselves, while knowing only 20% of its functionality. In other words - emulate it based on what is known and own assumptions to test the potential paths of its structure.
In this section I will be describing how to apply the knowledge of a reverse engineer in practice. Naturally, the lack of knowldege mentioned in the description above of Binary Exploitation (PWN)
+ Intro to Reverse Engineering
will lead to heavy difficulties in understading the posts in this section.
Here will be described different aspects in web security, that are usually practicied more by Penetration Testers and Bug Hunters. For now I will include everything related to Open-Source Intelligence OSINT here as well. These domains often overlap more on how to execute a chain of attacks and currently are contained in a very small part of the articles. (for example, Reconnaisance is required to discover targets to set further for a vulnerability scan, but is also used in such projects as Tracelabs
Any system is good for testing out things here. The examples will be demonstrated with primary focus on current Kali Linux. I recommend something Arch or Debian based, such as Black Arch or Parrot OS. Generally, every system is similar, but Kali or Black Arch have a lot of useful offsec tools preinstalled, that's why I'm referencing it here, so no one wonders about the mysterious commands fired in my posts.
Crypto currencies are a very popular topic and this where most of us have heard about the blockchain. However, blockchain itself does not power only crypto currencies. I am exploring how fundamentally this concept can work in our society, its underlying technical challenges and interesting applications.
WIP. Interesting concepts and projects!
You can find archived posts on diverse topics here.
Descriptions on some events, mainly which most of us can attend and enjoy!
I am a cyber security enthusiast (and not only ( ﾟｏ⌒)).
This blog also has an rss feed. If you want to add it up, feel free to use it
If you have any questions or suggestions always feel free to hit me up on this address: zonaincognita[at]pm[dot]me. You can also dm me on discord. For this, you can just prepend my handle to #1761
Have fun exploring!