#hack100days : Day2 : Tuned in to @Alh4zr3d@twitter's twitch (https://www.twitch.tv/alh4zr3d). He streamed pwning the #hackthebox Tricky box. Watched @mttaggart's _Practical Webapp Security and Testing_ (https://academy.tcm-sec.com) (henceforth, PWST), sections 4-6 and 4-7. Need to spend some more time on 4-7 and the javascript trickiness. #htb #infosec #CoSoSec
@__p__e__t__e__ So far, so good. Some stuff I've seen before. I really appreciate the labs. Between this and 'Hacking APIs', by Corey Ball, I've had to get more familiar and more comfortable with Docker. That's been useful. I'm looking forward to the capstone. Gotta find an app (off vulnhub, for example), hack it, and write a report. Little primer before going after the OSWE, I reckon.
@scottlink most of my docker labbing has been on a raspberry pi, but there are containers for BuggyWebApp (BWapp) and Damn Vulnerable Web App (DVWA) for x86_64. I think I got the acronyms right. So depending on your system's architecture you could spin one of those up really quickly.
@__p__e__t__e__ Indeed. I've got an older Intel NUC I've put to work hosting them. I've got another to bring back up online and then I plan to look harder at k8s. Wonder what kind of stuff I can learn w/DVWA or JuiceShop on top of Kubegoat. There's _always_ something to learn! (I need to start looking for deliberately vuln IdP. See what that looks like.)
@scottlink can't believe I forgot JuiceShop! They even have a #TheSecretOfMonkeyIsland easter egg in there!
@scottlink how did you like the Webapp Sec & Testing?
I've been continually finishing Matt's Practical Malware Analysis and Triage since release, but keep pausing it to read literature about different aspects of the subject matter. I like the PMAT course a lot.