A quick look at how Jenkins can be used to automatically build payloads and tooling, based on the OffSecOps talk by Harmj0y.
Certified Red Team Operator (CRTO) Review
A review of the Certified Red Team Operator (CRTO) exam by RastaMouse
HTB Christmas CTF – Toy Workshop
Overview: Toy Workshop was a 1 star rated 'Web' challenge from the HackTheBox "Cyber Santa is Coming to Town" CTF. This was an interesting challenge, with the flag coming from a blind stored-XSS which led to the leakage of the flag from a cookie value in a Puppeteer instance. After that mouthful, let's take a …
AD CS – The ‘Certified Pre-Owned’ Attacks
Overview: This post will cover the attacks detailed in the white-paper produced by SpecterOps. The most well-known of which is the 'ESC8' attack - where a standard domain user can escalate to Domain Admin, given a vulnerable environment. If AD CS is a new concept to you, then I have a post covering the basics, …
AD CS – What Can Be Misconfigured?
Introduction: The aim of this post is to go into more detail on the attacks described within the excellent 'Certified Pre-Owned' blog post & whitepaper produced by SpecterOps. This post will show how to configure a test environment which is vulnerable to the attacks they describe. If you are unfamiliar with AD CS, I have …
AD CS – The Basics
Introduction: This post will cover the basics of Active Directory Certificate Services (AD CS) and how we can use certificates for offensive security. I have two other posts on this subject. The first of which covers some of the dangerous misconfigurations. And secondly, how we can actually perform the attacks. For those unfamiliar, AD CS …
HackTheBox ScriptKiddie Walkthrough
ScriptKiddie was an Easy rated Linux machine, which involved exploiting a vulnerability within Metasploit, then gaining access to the pwn user and abusing a sudo misconfiguration. Getting A Shell – Reconnaissance: Initial Nmap scans showed a very simple box, with just SSH and port 5000 open. I personally find the -sV -A flags tend to reveal …
My OSCP Exam Experience & Tips
Here is a write up of my OSCP exam experience - from studying through to passing the exam. Overall, it was a worthwhile experience and I would recommend it to anyone interested in infosec! TL;DR: Practise! IMO, the OSCP exam manual is too large and not worth the effort. Proving Grounds is far better than PWK Labs …
HTB Cyber Apocalypse – Emoji Voting Writeup
Emoji Voting was a 2-star rated 'Web' machine. The server was vulnerable to SQL injection, which allowed for the flag to be discovered. This was a fairly laborious process, as the SQL injection was after an 'ORDER BY' statement, which increased the complexity of exploiting it. Pwning Emoji Voting: The website itself appears to be …
HTB CTF 2021 – Input as a Service Writeup
Input as a Service (IaaS) was a 1-star rated challenge from the HackTheBox Cyber Apocalypse CTF. This challenge was from the 'Misc' section, in contrast to most of the others I attempted! This challenge revolved around an input function vulnerability in a Python web server, which could be exploited to achieve an RCE. Some initial poking around …