George Gerontakis

From Node.js Malware on GitHub to Exposing Fake North Korean Companies

Open-source software is the beating heart of modern development, powering everything from startups to enterprise systems. But trust can be a dangerous assumption especially when it comes to obscure or rarely-audited projects. In a recent investigation, we uncovered a malware script embedded inside a public GitHub repository, hiding in plain sight under the guise of a crypto-related project.

Are you worried about the security of your SSH server? A recent discovery has unveiled a sophisticated backdoor in the upstream xz compression library (liblzma), impacting versions 5.6.0 and 5.6.1. This vulnerability directly affects systems exposing SSH to the internet, leading to unauthorized access and potential compromise.

July 5, 2023
No Comments
g.gerontakis
Arbitrary Code Execution, CTF, Local File Inclusion, Web

TJCTF 2023 – Misc – Gish Challenge Solution

June 5, 2023
No Comments
g.gerontakis
Arbitrary Code Execution, CTF, Misc, TJCTF 2023

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

George Gerontakis

From Node.js Malware on GitHub to Exposing Fake North Korean Companies

Backdoor in Upstream xz/liblzma Leading to SSH Server Compromise

BSides Athens 2023 – Web – Broken Production Challenge Solution

TJCTF 2023 – Misc – Gish Challenge Solution

HTB x UNI CTF Finals – Zipper – Forensics Writeup

Warren Buffer writeup- Forensics – Hack The Box University CTF 2020 (HTB UNI CTF 2020)