feat: projects blogpost

_data/menus.yml

@@ -11,7 +11,7 @@
   external: false
 
 - title: projects
-  url: /blog/
+  url: /projects/
   external: false
 
 - title: about

_layouts/project-post.html

@@ -0,0 +1,81 @@
+---
+layout: compress
+---
+
+<!DOCTYPE html>
+<html lang="{{ page.lang | default: site.lang | default: "en" }}">
+
+{% include header.html %}
+
+<body data-theme="{{ site.mode }}">
+  <div class="_progress-wrapper">
+    <div id="_progress"></div>
+  </div>
+
+  {% include navbar.html %}
+  <div class="wrapper post">
+    <main class="page-content" aria-label="Content">
+      <article itemscope itemtype="https://schema.org/BlogPosting">
+
+        <header class="header">
+          {% if page.tags and page.tags != empty %}
+          <div class="tags">
+            {% assign tags = page.tags %}
+            <span itemprop="keywords">
+              {% for tag in tags %}
+              <a class="tag"
+                href="/tags/#{{tag | downcase | slugify}}">{{tag | upcase }}</a>{% unless forloop.last %},{% endunless %}
+              {% endfor %}
+            </span>
+          </div>
+          {% endif %}
+          <h1 class="header-title" itemprop="headline">{{ page.title | escape }}</h1>
+          {% if page.date %}
+          <div class="post-meta">
+            <time datetime="{{ page.date | date_to_xmlschema }}" itemprop="datePublished">
+              {{ page.date | date: "%b %d, %Y" }}
+            </time>
+            <span itemprop="author" itemscope itemtype="https://schema.org/Person">
+              <span itemprop="name">{{ page.author | escape }}</span>
+            </span>
+
+            {% include read_time.html %}
+
+            <time hidden datetime="{{ page.modified | date_to_xmlschema }}" itemprop="dateModified">
+              {{ page.date | date: "%b %d, %Y" }}
+            </time>
+            <span hidden itemprop="publisher" itemtype="Person">{{ page.author | escape }}</span>
+            <span hidden itemprop="image">{{ page.image }}</span>
+            <span hidden itemprop="mainEntityOfPage">{{ page.excerpt }}</span>
+          </div>
+          {% endif %}
+        </header>
+
+        <div class="page-content" itemprop="articleBody">
+          {% include anchor_headings.html html=content anchorClass="anchor-head" beforeHeading=true h_min=1 h_max=4 %}
+          {% if page.tweet %}
+          <p>Comments this article on 
+            <a href="https://twitter.com/{{site.cybermouflons.twitter}}/status/{{page.tweet}}">Twitter</a>.
+          </p>
+          {% endif %}
+        </div>
+      </article>
+
+      {% if page.comments %}
+        {% include comments.html%}
+      {% endif %}
+
+    </main>
+
+    {% if page.modified %}
+      <small class="post-updated-at">updated_at {{page.modified | date: "%d-%m-%Y"}}</small>
+    {% endif %}
+    {% if page.next or page.previous%}
+      {% include navigation.html %}
+    {% endif %}
+
+    {% include footer.html %}
+  </div>
+</body>
+
+</html>

_posts/2019-09-25-fbctf-osquery-game/2019-09-25-fbctf-osquery-game.md → _posts/ctf/2019-09-25-fbctf-osquery-game/2019-09-25-fbctf-osquery-game.md

@@ -3,6 +3,7 @@ title: '[Facebook CTF 2019] osquery_game'
 published: true
 tags: [writeup, misc, fbctf19]
 author: koks
+category: ctf
 ---
 
 ```

_posts/2019-10-01-RED-CSAW19-NevernoteCSP/2019-10-01-RED-CSAW19-NevernoteCSP.md → _posts/ctf/2019-10-01-RED-CSAW19-NevernoteCSP/2019-10-01-RED-CSAW19-NevernoteCSP.md

@@ -3,6 +3,7 @@ title: '[RED CSAW CTF 2019] NevernoteCSP'
 published: true
 tags: [writeup, web, csp]
 author: sAINT_Barber
+category: ctf
 ---
 
 First we are greeted with the challenge description

_posts/2019-10-01-RED-CSAW19-NevernotePickle/2019-10-01-RED-CSAW19-NevernotePickle.md → _posts/ctf/2019-10-01-RED-CSAW19-NevernotePickle/2019-10-01-RED-CSAW19-NevernotePickle.md

@@ -3,6 +3,7 @@ title: '[RED CSAW CTF 2019] NevernotePickle'
 published: true
 tags: [writeup, web, deserialization, pickle]
 author: sAINT_Barber
+category: ctf
 ---
 
 Challenge description:

_posts/2019-10-17-squarectf-cipher-go/2019-10-17-squarectf-cipher-go.md → _posts/ctf/2019-10-17-squarectf-cipher-go/2019-10-17-squarectf-cipher-go.md

@@ -3,6 +3,7 @@ title: '[Square CTF] Go cipher'
 published: true
 tags: [writeup, crypto]
 author: koks
+category: ctf
 ---
 
 We are given the following encryption and decryption functions along with 5 plaintexts and 5+1 ciphertexts. One of the ciphertext files is `flag.txt.enc`.

_posts/2020-02-24-PragyanCTF-secret/2020-02-24-PragyanCTF-secret.md → _posts/ctf/2020-02-24-PragyanCTF-secret/2020-02-24-PragyanCTF-secret.md

@@ -3,6 +3,7 @@ title: '[PragyanCTF] Secret'
 published: true
 tags: [writeup, pwn, fmtstr]
 author: Christos.S
+category: ctf
 ---
 
 

_posts/2020-03-25-angstrom20-noisy/2020-03-25-angstrom20-noisy.md → _posts/ctf/2020-03-25-angstrom20-noisy/2020-03-25-angstrom20-noisy.md

@@ -3,6 +3,7 @@ title: '[ångstromCTF-2020] Noisy'
 published: true
 tags: [writeup, misc]
 author: AltAcc
+category: ctf
 ---
 
 # Noisy Challenge Writeup

_posts/2020-08-11-spiderlabsctf-RemoteMgmntSystem/2020-08-11-spiderlabsctf-RemoteMgmntSystem.md → _posts/ctf/2020-08-11-spiderlabsctf-RemoteMgmntSystem/2020-08-11-spiderlabsctf-RemoteMgmntSystem.md

@@ -3,6 +3,7 @@ title: '[SpiderLabsCTF] Remote Management System'
 published: true
 tags: [writeup, web, rce, command_injection]
 author: ishtar
+category: ctf
 ---
 
 # Remote Management System (Web)

_posts/projects/2019-07-19-AttackSurfaceMapper/2019-07-19-AttackSurfaceMapper.md

@@ -0,0 +1,99 @@
+---
+title: '[AttackSurfaceMapper] Expand Your Attack Surface'
+published: true
+tags: [pentest,osint]
+author: superhedgy
+category: projects
+layout: project-post
+---
+
+![Python 3](https://img.shields.io/badge/Python-3_only-blue.svg "Python 3 only")
+![GitHub](https://img.shields.io/github/license/superhedgy/AttackSurfaceMapper)
+![GitHub last commit](https://img.shields.io/github/last-commit/superhedgy/AttackSurfaceMapper)
+![GitHub Issues](https://img.shields.io/github/issues/superhedgy/AttackSurfaceMapper)
+
+![Attack Surface Mapper Logo](https://npercoco.typepad.com/.a/6a0133f264aa62970b0240a49c6ba4200d-800wi "Attack Surface Mapper Logo")
+
+# AttackSurfaceMapper
+Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
+
+Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.
+
+## Demo
+[![Demo](https://img.youtube.com/vi/buIQSf_gmdE/0.jpg)](https://www.youtube.com/watch?v=buIQSf_gmdE)
+
+## Setup
+As this is a Python based tool, it should theoretically run on Linux, ChromeOS ([Developer Mode](https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/generic)), macOS and Windows.
+
+[1] Download AttackSurfaceMapper
+```
+$ git clone https://github.com/superhedgy/AttackSurfaceMapper
+```
+
+[2] Install Python dependencies
+```
+$ cd AttackSurfaceMapper
+$ python3 -m pip install --no-cache-dir -r requirements.txt
+```
+
+[3] Add optional API keys to enhance data gathering & analysis 
+
+Register and obtain an API key from:  
+* [VirusTotal](https://www.virustotal.com/gui/join-us)  
+* [ShodanIO](https://account.shodan.io/register)
+* [HunterIO](https://hunter.io/users/sign_up)  
+* ~~[WeLeakInfo](https://weleakinfo.com/register)~~
+* [LinkedIn](https://www.linkedin.com/start/join)  
+* [GrayHatWarfare](https://buckets.grayhatwarfare.com/register)  
+
+
+Edit and enter the keys in keylist file
+```
+$ nano keylist.asm
+```
+
+### Example run command
+```
+$ python3 asm.py -t your.site.com -ln -w resources/top100_sublist.txt -o demo_run
+```
+
+### Optional Parameters
+Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.
+
+```
+|<------ AttackSurfaceMapper - Help Page ------>|
+
+positional arguments:
+  targets               Sets the path of the target IPs file.
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -f FORMAT, --format FORMAT
+                        Choose between CSV and TXT output file formats.
+  -o OUTPUT, --output OUTPUT
+                        Sets the path of the output file.
+  -sc, --screen-capture
+                        Capture a screen shot of any associated Web Applications.
+  -sth, --stealth       Passive mode allows reconaissaince using OSINT techniques only.
+  -t TARGET, --target TARGET
+                        Set a single target IP.
+  -V, --version         Displays the current version.
+  -w WORDLIST, --wordlist WORDLIST
+                        Specify a list of subdomains.
+  -sw SUBWORDLIST, --subwordlist SUBWORDLIST
+                        Specify a list of child subdomains.
+  -e, --expand          Expand the target list recursively.
+  -ln, --linkedinner    Extracts emails and employees details from linkedin.
+  -d, --debug           Enables debugging information.
+  -v, --verbose         Verbose ouput in the terminal window.
+
+Authors: Andreas Georgiou (@superhedgy)
+	 Jacob Wilkin (@greenwolf)
+```
+
+## Authors
+* [Andreas Georgiou](https://twitter.com/superhedgy)
+* [Jacob Wilkin](https://github.com/Greenwolf)
+
+## Acknowledgments
+* Thanks to `[Your Name Could Be Here, Come Help Out!]` for contributions to the project.

_posts/projects/2020-03-25-CCSC-CTF-2020/2020-03-25-CCSC-CTF-2020.md

@@ -0,0 +1,96 @@
+---
+title: '[CCSC-CTF-2020] Cyprus Cybersecurity Challenge 2020'
+published: true
+tags: [ctf]
+author: cybermoulflons
+category: projects
+layout: project-post
+---
+
+![CCSC CTF 2020](assets/banner.png)
+
+## Repository Structure
+
+This is the official repository with the challenges published in CCSC CTF 2020. Each challenge has a `public` and `setup` folder (if applicable) and is accompanied with a short description. The `setup` folder contains all the files required to build and host the challenge and usually contains the flag and a proof of concept solution as well. Alternatively, the `public` folder contains the files that are released to the participant during the competition.
+
+## Dependencies
+
+Although some of the challenges may run as is, it is recommended that you have **docker** and **docker-compose** installed and use the provided scripts to run the challenges to ensure isolation and therefore proper environment setup.
+
+## Challenges
+
+### Crypto
+
+| Name                                                                                                                      | Points | Author             |
+| ------------------------------------------------------------------------------------------------------------------------- | ------ | ------------------ |
+| [basilisk64](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/basilisk64)                                   | 50     | koks               |
+| [Calanthe's Secrets](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/calanthes-secrets)                    | 250    |  _Roko'sBasilisk\_ |
+| [Djinn Exorcism](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/djinn-exorcism)                           | 300    | \_Roko'sBasilisk\_ |
+| [EClectic DisHonor](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/eclectic-dishonor)                     | 250    | koks               |
+| [Mousesack's Spell](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/mousesacks-spell)                      | 150    | \_Roko'sBasilisk\_ |
+| [Rivia Scala Aldersberg](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/rivia-scala-aldersberg)           | 150    | koks               |
+| [Routes from Sodden to Amell](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/crypto/routes-from-sodden-to-amell) | 450    | \_Roko'sBasilisk\_ |
+
+### Forensics
+
+| Name                                                                                                               | Points | Author      |
+| ------------------------------------------------------------------------------------------------------------------ | ------ | ----------- |
+| [Abnormal Communication](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/forensics/abnormal_communication) | 150    | kotsios     |
+| [Noonwraith's a hacker](https://github.com/apogiatzis/CCSC-CTF-2020/blob/master/forensics/Noonwraith%27s-a-hacker) | 175    | v4kk15      |
+| [Royal huntsman's Dump](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/forensics/royal-huntsman's-dump)   | 150    | s1kk1s      |
+| [Much more than echoes](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/forensics/much_more_than_echoes)   | 250    | anderson101 |
+| [The King's Curse](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/forensics/the-kings-curse)              | 250    | Demetris    |
+
+### Misc
+
+| Name                                                                                                    | Points | Author                       |
+| ------------------------------------------------------------------------------------------------------- | ------ | ---------------------------- |
+| [Jaskier Bot](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/misc/jaskier-bot)                 | 250    | \_Roko'sBasilisk\_ && s1kk1s |
+| [The Last Wish](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/misc/the-last-wish)             | 100    | koks                         |
+| [Every Minute Counts](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/misc/every-minute-counts) | 50     | koks                         |
+
+### Pwn
+
+| Name                                                                                     | Points | Author             |
+| ---------------------------------------------------------------------------------------- | ------ | ------------------ |
+| [Spell Caster](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/pwn/spell-caster) | 300    | \_Roko'sBasilisk\_ |
+| [Guy de Bois](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/pwn/guy-de-bois)   | 200    | \_Roko'sBasilisk\_ |
+| [Easy As PIE](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/pwn/easy_as_pie)   | 400    | s3nn |
+| [Heaping Praise](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/pwn/heaping-praise)   | 250    | zer0heir |
+
+### Reverse
+
+| Name | Points | Author |
+| ---- | ------ | ------ |
+| [Antidote](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/reverse/antidote) | 450 | kotsios |
+| [Wasp Hive](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/reverse/wasp-hive) | 400 | \_Roko'sBasilisk\_ |
+
+
+### Stego
+
+| Name                                                                                                                     | Points | Author      |
+| ------------------------------------------------------------------------------------------------------------------------ | ------ | ----------- |
+| [Golem](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/golem)                                             | 50     | koks        |
+| [Secret Message](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/secret-message)                           | 100    | S1kk1S      |
+| [The Map](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/the_map)                                         | 100    | superhedgy  |
+| [The Striga](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/the_striga)                                   | 150    | andr0sn     |
+| [Yennefer's Curse](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/yennefers-curse)                        | 150    | andr0sn     |
+| [Those are dangerous streams](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/stego/those_are_dangerous_streams) | 100    | anderson101 |
+
+### Mobile
+
+| Name                                                                                              | Points | Author |
+| ------------------------------------------------------------------------------------------------- | ------ | ------ |
+| [Treasure Hunting](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/mobile/threat-hunting) | 300    | v4kk15 |
+
+### Web
+
+| Name                                                                                                       | Points | Author             |
+| ---------------------------------------------------------------------------------------------------------- | ------ | ------------------ |
+| [0potion](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/0potion)                             | 300    | koks               |
+| [Just Wraith Trouble](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/just-wraith-trouble)     | 150    | koks               |
+| [Robomutant](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/robomutant)                       | 50     | koks               |
+| [SSRunestone Finder](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/ssrunestone-finder)       | 350    | \_Roko'sBasilisk\_ |
+| [Witcher Training Camp](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/witcher-training-camp) | 250    | \_Roko'sBasilisk\_ |
+| [Welcome](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/welcome)                             | 50     | kotsios            |
+| [Web of Web](https://github.com/apogiatzis/CCSC-CTF-2020/tree/master/web/web-of-web)                       | 250 + 100    | vp            |

_posts/projects/2020-08-06-Overlord/2020-08-06-Overlord.md

@@ -0,0 +1,43 @@
+---
+title: '[Overlord] Red Team Automation'
+published: true
+tags: [pentest,redtam]
+author: [s1kk1s,v4kkis]
+category: projects
+layout: project-post
+---
+
+# Overlord – Red Teaming Automation
+
+<p align="center">
+  <img src="https://github.com/qsecure-labs/overlord/blob/master/logo.png" alt="drawing" width="150"/>
+</p>
+
+Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the [Red-Baron](https://github.com/byt3bl33d3r/Red-Baron) Terraform implementation found on Github. 
+
+A demo infrastructure was set up in our blog post https://blog.qsecure.com.cy/posts/overlord/.
+
+For the full documentation of the tool visit the Wiki tab at https://github.com/qsecure-labs/overlord/wiki.
+
+# Installation
+
+```bash
+git clone https://github.com/qsecure-labs/overlord.git
+cd overlord/config
+chmod +x install.sh
+sudo ./install.sh
+```
+
+## Acknowledgments
+
+This project could not be created without the awsome work for Marcello Salvati [@byt3bl33d3r](https://twitter.com/byt3bl33d3r) with the [RedBaron](https://github.com/byt3bl33d3r/Red-Baron) Project.
+That is the reason why we are referencing the name of RedBaron on our  project as well.
+
+As Marcello stated on his acknowledgments, further thanks to:
+
+1. [@_RastaMouse's](https://twitter.com/_RastaMouse) two serie's blogpost on 'Automated Red Team Infrastructure Deployment with Terraform' Part [1](https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/) and [2](https://rastamouse.me/2017/09/automated-red-team-infrastructure-deployment-with-terraform---part-2/)
+2. [@bluscreenofjeff's](https://twitter.com/bluscreenofjeff) with his amazing Wiki on [Read Team Infrastucture](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
+3. [@spotheplanet's](https://twitter.com/spotheplanet) blog post on [Red team infrastructure](https://ired.team/offensive-security/red-team-infrastructure)
+
+## Disclaimer
+Overlord comes without warranty and is meant to be used by penetration testers during approved red teaming assessments and/or social enigneering assessments. Overlord's developers and QSecure decline all responsibility in case the tool is used for malicious purposes or in any illegal context.