IT Security & Hacking
https://training.zeropointsecurity.co.uk/courses/red-team-ops Having passed Nikhil Mittal's great CRTP course in October 2022, I wanted something similar to sink my teeth into at the beginning of 2023. A colleague of mine had been working his way through the Zero-Point Security Red Team Ops lab and it sounded great, so I purchased it and started on my way. …
Continue reading "Zero-Point Security Red Team Ops: Course Review"
https://www.alteredsecurity.com/adlab In May 2022 I took the CPSA exam (and passed). This was my only cybersecurity cert other than the OSCP I had gained in October 2019, and so the first one I had gained while being a pentester as a job. The cert is just an exam, no related course, so as nice as …
Continue reading "Certified Red Team Professional: Course Review"
Teacher is my 30th machine on HackTheBox. User access is gained through finding partial credentials, fuzzing the password and then exploiting a hole in the Moodle software to leverage code execution and get a reverse shell. This initial access is then escalated from www-data to a userful user account using SQL database credentials found in …
Access is the 29th machine I attempted on HackTheBox. User Access is gained through reading a MS Access database to get the password to a zipped file. Root access is gained by exploiting stored credentials. User Access I started, as I always do, with the nmapautomator script that the wonderful 21yfd made available on GitHub …
Active, the 28th machine I attempted on HackTheBox, is a relatively easy box but with some bits that you can learn if you don't know much about exploiting Active Directory and Kerberos. User Access I started, as I always do, with the nmapautomator script that the wonderful 21yfd made available on GitHub and shared in …
Tales from the Encrypt 