#hack100days Day32: More enumeration of VDP scope. A host/subdomain I initially picked off looks to be an orphaned DNS name. Will keep an eye out for calls to it from other assets. Maybe the glb/waf is looking for something "magical". Found a doc spelling out a policy that may help. #infosec #cososec #enumallthethings

#hack100days Day33: More enum. Found a new tld to chew on. Started poking at an apparent code repository, but it's pretty thin. Need to do some reading on the product. Another host is H U G E, relatively speaking, and is running Wordpress. Managed to get my IP baninated spidering the site. Getting acquainted with axiom now. #infosec #cososec #enumallthethings

#hack100days Day34 (1/3rd of the way!): A scan is still going, but it's NAT is likely sinkholed. Will wait until scan is done to confirm. Spider results from ZAP are still getting chewed on. So, in the meantime, read ahead on _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day35: Scan is done and the results are thin. I did feed it too much, but the results suggest I may have misused the tool. Shrinking the target and trying another tool. Some of the URLs in the spider results have queries, so checking for sqli test candidates. ZAP continues trying to choke down the analysis of the spidering. #infosec #cososec #enumallthethings

#hack100days Day36: Tried out feroxbuster. Seems like it's hung, so I'll give it some more time. Took another look at the code repository's search function to see if I could find more 'stuff'. No joy there. Need to read some more. Might be time to look at another host in the VDP. #infosec #cososec #enumallthethings

#hack100days Day37-ish: Feroxbuster was hung. Killed it off, pulled state file and output log back for additional analysis. Gave to face discussions with a netsec vendor about netflow analysis, which dovetailed with risky.biz podcast I listened today. They talked w/Gigamon on the same topic. #infosec #cososec

#hack100days Day38: Vacation! Which is going to cramp my activities. Reading chapter 6 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day39: Vacation! Reading chapter 7 of _Bug Bounty Bootcamp_. #infosec #cosocec

#hack100days Day40: Still vacationing. Read Chapter 8 of _Bug Bounty Bootcamp_. (Also watched _Dr. Strange and the Multiverse of Madness_.) #infosec #cososec #movienight

#hack100days Day41: Read chapter 9 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day42: Read chapter 10 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day43: Read chapters 11 & 12 of _Bug Bounty Bootcamp_. Tomorrow is travel day. #infosec #cososec

#hack100days Day44: Chapter 13 of _Bug Bounty Bootcamp_ done. #infosec #cososec

#hack100days Day45: Baseball Hall of Fame visited today and Chapter 14 of _Bug Bounty Bootcamp_ done. Going to need to do some more labs and walkthroughs of deserialization. Feels a bit like a dark art. #infosec #cososec #vacation

#hack100days Day46: “Home again, home again, jiggity jig.” Rock and Roll Hall of Fame and chapter 15 of _Bug Bounty Bootcamp_ done. Enjoying a jigger of Canadian whiskey to unwind.

#hack100days Day47: Read chapter 16 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day48: Mixed it up today. Started watching https://www.youtube.com/watch?v=Llw2PAlXUoE, which led to a twitter/@Alh4zr3d livestream on https://www.twitch.tv/alh4zr3d, which then led me to twitter/@mttaggart and led me to https://www.youtube.com/taggarttech which has an API hacking video I want to watch next. #infosec #cososec

#hack100days Day49: Read chapters 17 and 18 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day50: Watched some more of a stream with alh4zred. Shadowed someone on discord while they hacked on an android app. Got to see similarities between web apps and mobile apps. Also got to point out a ZAP feature, so I contributed a little bit! ;) #infosec #cososec

#hack100days Day51: Flippin' power outage. It's back on and the day isn't done. I've been enumerating htb/trick. Once service appears to be a dead end. Another service is not giving anything up easily. A third service is interesting, I'm not as well versed in its tech. Fortunately, there's metasploit for that. For now, anyways. #infosec #cososec #hackthebox

#hack100days Day52: Kept at htb/trick. Had to spend some time getting acquainted with how "Break" works in ZAP. Wanted to edit a page coming from the server. Didn't get the result I was hoping for. Got one more setting to try before ruling this approach out. #infosec #cososec

#hack100days Day52.1: Went to the forums for some hints. Revisited a service I thought was a dead end. Double-checked syntax and tried another potential configurable. Boom. Found another entry point. Now I'm starting to get some progress. ...and I'm leaving to go to a concert soon. Gotta unplug for a bit, every now and again! #infosec #cososec #floydcoverband

#hack100days Day53: Got creds from yesterday's scans. Explored the app, looking for escalation vector. Found limited LFI, so progress! #infosec #cososec #hackthebox

#hack100days Day54: Read another chapter, chapter 19, of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day55: More banging on trick.htb. Found a new potential entry point. Took a while to figure out how to find it, but didn't get terribly far on it before I had to pack it in. #infosec #cososec #hackthebox

#hack100days Day56: More cracking at trick.htb. Found a thing on an entry point, but I'm stuck turning it into something more useful. Tantalizing config on entry point two, but it isn't giving me any goods. #infosec #cososec #hackthebox #tryharder

#hack100days Day57: watched a live stream, Alh4zr3d breaks two k8s challenges on try hack me #infosec #cososec

#hack100days Day58: Read chapter 21 in _Bug Bounty Bootcamp_. Dangling CNAME is bad, m'kay? A deeper dive on sign-sign-on exploits is really going to be needed for effectiveness. #infosec #cososec

#hack100days Day59: Turns out I read chapter 20 yesterday and chapter 21 tonight. Duh. Saw a walk through yesterday that leveraged looking for .git on a web page. I haven’t done an analysis on that kind of information disclosure vuln, but I reckon it’s rare but damaging. Tomorrow, we read code. #infosec #cososec

#hack100days Day 60: Read chapter 22 of _Bug Bounty Bootcamp_. #infosec #cososec

#hack100days Day61: Finished _Bug Bounty Bootcamp_, skipped chapter 23 and read chapters 24 & 25. Tomorrow, back to #htb. #infosec #cososec

#hack100days Day62: Okay, I lied. Not HtB. Looked at an Offensive Security Proving Grounds-Playground box. Watched a live walk-through on the box. Also watched an Ippsec video re: LFI. #infosec #cososec

#hack100days Day63: Hack the Box Academy today. Worked on LFI module. #infosec #cososec

#hack100days Day64: Started a multiday CTF. Got three of the first five challenges presented and am sitting on 800/1000 points. Going to sit in on Alh4zr3d stream before making dinner and watching the Jan6 shennanigans. #infosec #cososec

#hack100days Day65: Looked at the CTF again. No new challenges. Did more enum on one of the remaining, but didn't make progress. Hit Offsec Proving Grounds Play and pwned "Dawn", so that helped recover some ego. #infosec #cososec

#hack100days Day66: Took a quick look at an Offsec Proving Grounds Play box. Found an LFI. Have a couple of users. Didn't find anything else terribly fun. Making a run at brute forcing a password. #infosec #cososec

#hack100days Day67: Hack the Box Academy, did the ffuf module. #infosec #cososec

#hack100days Day68: More work on Hack the Box Academy and on the ffuf module. Not making it through it as fast as I would like. Practice make perfect! #infosec #cososec