Earlier this year I did a #hack100days run. I got it done after a couple of stumbles and during that time I got a new gig as a #redteamer. Also managed to start a course, but not finish. Plus, with #mastodon being a new shiny, I need to refocus. Time for another run. Stay tuned... #infosec #CoSoSec
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam #cososec
From infosec.exchange: https://infosec.exchange/@guamwatt/109258355030128344 Dan Miessler is pretty smart. If you don't have a handle on your assets, you aren't protecting anything. You're practicing 'faith-based security' and 'faith-based systems administration' #cososec
Attending my first meat-space conference in the COVID-era in Indy. #circlecitycon #cososec #infosec
#hack100days Day100: Hacked on the new HtB release didn’t get far. #infosec #cososec
#hack100days Day99: Now about half-way through Practical Web Application Security and Testing. Learned some new ZAP tricks. Also getting more comfortable with docker. #infosec #cososec
#hack100days Day98: More time on Practical Web Application Security and Testing. #infosec #cososec
#hack100days Day98: More time on Practical Web Application Security and testing. Another section down. #infosec #cososec
#hack100days Day97: Found alkanesollutions.co.uk/2021/02/26/list-ad-sites-and-subnets-using-powershell today. Very nice. Last time I poked at AD w/powershell I used the activedirectory module. Thought it was required. This doesn’t need that. Gonna refactor to output in a format more to my preference. Good place to start when mapping a network, ya? #infosec #cososec
#hack100days Day96: More watching Practical Web Application Security and Testing from academy.tcm-sec.com. Might poke at another HtB box before day is done. #infosec #cososec
#hack100days Day95: Finished of HtB Health. Glad to have worked with a team. For an "easy" box, that felt far from it. Now to watch some web app hacking videos. #infosec #cososec
#hack100days Day94: Forgot to log yesterday’s activity. Worked on HtB Health with some folks. Worked on python scripting skills. #infosec #cososec
#hack100days Day93: No hands on keyboard hacking today. Read up on Active Directory to refresh and rebuild mental model of what it looks like on a network. #infosec #cososec
#hack100days Day92: Today was not as productive as the past two. Did get in some time on alh4zr3d’s stream as he worked on a Try Hack Me box. Couple of tools referenced there look interesting. #infosec #cososec
#hack100days Day91: Kept banging on 'return' off and on through the day. Some guidance, based on the results of whoami with priv flag, didn't work as expected. Spun up neo4j and bolt on my infra box for BloodHound. Listened in on mtaggart stream and learned a bit about Content-Security-Policy. #infosec #cososec
#hack100days Day90: Took a crack at Hack the Box machine return. I love evil-winrm. Got user pretty quick. Working on priv esc. Should put it away tonight. #infosec #cososec
#hack100days Day89: Took a crack at an Offsec Proving Grounds box. Learned more how to deal with open proxies. (Wish I'd known how to do this a couple of years ago.) #infosec #cososec
#hack100days Day87: Revisited Ubuntu Multipass and toolbox to run impacket, etc. from. Poked at academy.htb #infosec #cososec
#hack100days Day85: D’oh. Forgot to record yesterday. Worked on HtB Blackfield. I’m really liking CrackMapExec. Refreshed the Impacket brain wrinkles. #infosec #cososec
#hack100days Day85: Banged on academy.htb. Wordlists matter. Grr. #infosec #cososec
Muddling through.