hacking – Tales from the Encrypt

21 Mar 202320 Mar 2023

SANS SEC575 Mobile Device Security and Ethical Hacking: Course Review

https://www.sans.org/cyber-security-courses/mobile-device-security-ethical-hacking/ https://www.giac.org/certifications/mobile-device-security-analyst-gmob/ Late on in 2022, my boss messaged me and asked if I would like to do a SANS course. This one was around mobile security. Having previously done a few mobile tests and done this course on Udemy AND having never done a SANS course before but heard how good they were, how …

Continue reading "SANS SEC575 Mobile Device Security and Ethical Hacking: Course Review"

10 Mar 202310 Mar 2023

Zero-Point Security Red Team Ops: Course Review

https://training.zeropointsecurity.co.uk/courses/red-team-ops Having passed Nikhil Mittal's great CRTP course in October 2022, I wanted something similar to sink my teeth into at the beginning of 2023. A colleague of mine had been working his way through the Zero-Point Security Red Team Ops lab and it sounded great, so I purchased it and started on my way. …

Continue reading "Zero-Point Security Red Team Ops: Course Review"

3 Mar 202327 Feb 2023

Certified Red Team Professional: Course Review

https://www.alteredsecurity.com/adlab In May 2022 I took the CPSA exam (and passed). This was my only cybersecurity cert other than the OSCP I had gained in October 2019, and so the first one I had gained while being a pentester as a job. The cert is just an exam, no related course, so as nice as …

Continue reading "Certified Red Team Professional: Course Review"

22 Feb 202322 Feb 2023

Android App Hacking – Black Belt Edition: Course Review

https://www.udemy.com/course/android-app-hacking-black-belt-edition/ I was recommended this course by a colleague when I said I wanted to learn more about Android hacking, so I could feel confident auditing Android apps for clients. At full price it's £109 and, let me tell you, even if you can't get this on a deal it is more than worth it. …

Continue reading "Android App Hacking – Black Belt Edition: Course Review"

30 Jan 202030 Jan 2020

HTB Writeups: Teacher

Teacher is my 30th machine on HackTheBox. User access is gained through finding partial credentials, fuzzing the password and then exploiting a hole in the Moodle software to leverage code execution and get a reverse shell. This initial access is then escalated from www-data to a userful user account using SQL database credentials found in …

Continue reading "HTB Writeups: Teacher"

12 Dec 201912 Dec 2019

HTB Writeups: Access

Access is the 29th machine I attempted on HackTheBox. User Access is gained through reading a MS Access database to get the password to a zipped file. Root access is gained by exploiting stored credentials. User Access I started, as I always do, with the nmapautomator script that the wonderful 21yfd made available on GitHub …

Continue reading "HTB Writeups: Access"

9 Dec 201912 Dec 2019

HTB Writeups: Active

Active, the 28th machine I attempted on HackTheBox, is a relatively easy box but with some bits that you can learn if you don't know much about exploiting Active Directory and Kerberos. User Access I started, as I always do, with the nmapautomator script that the wonderful 21yfd made available on GitHub and shared in …

Continue reading "HTB Writeups: Active"