Reverse engineering and decrypting CyberArk vault credential files

Author: Jelle Vergeer This blog will be a technical deep-dive into CyberArk credential files and how the credentials stored in these files are encrypted and decrypted. I discovered it was possible to reverse engineer the encryption and key generation algorithms and decrypt the encrypted vault password. I also provide a python implementation to decrypt the … Continue reading Reverse engineering and decrypting CyberArk vault credential files →

Decrypting OpenSSH sessions for fun and profit

Author: Jelle Vergeer Introduction A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. The customer had pcaps and a hypervisor snapshot … Continue reading Decrypting OpenSSH sessions for fun and profit →

StreamDivert: Relaying (specific) network connections

Author: Jelle Vergeer The first part of this blog will be the story of how this tool found it's way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About … Continue reading StreamDivert: Relaying (specific) network connections →