#hack100days : day 25d : New hacktop from work today. Setting it up, trying stuff out. WSL is still sub-optimal. Gonna work on getting more facile w/Docker and Ubuntu's Multipass. Oh, something interesting... ...an EICAR dropped into a WSL image doesn't get flagged by Defender. #labitup #infosec #cososec
#hack100days : day 24d: Today was research day. Attended a webinar on web hacking with some good links to resources. This one gave me a lot of good threads: https://github.com/dafthack/CloudPentestCheatsheets/tree/master Which is good, I've got some scope to nail down the next week or so, so this should help. #redteam #sharpenthesaw #infosec #cososec
#hack100days : day 23d : Confirmed pktmon was not going to be in-play for my objective tooling. Wireshark is in the software catalog, so explored ways to use SCCM at the command line. Still have a ways to go. Was able to enumerate part of the software catalog, but a lot of it wasn't visible. Including Wireshark--I think tshark is installed with it, so that's my goal. #redteam #executeonobjective #infosec #cososec
#hack100days : day 20d : Worked on #hackthebox Jet fortress. Got another flag. More php tricks. #ctf #infosec #cososec
#hack100days : day 19d : Worked on #hackthebox new release, investigation and managed to get user and root. I used to be strong in perl... ...it was in the last century, though! LOL. #ctf #infosec #cososec
#hack100days : day 18d : Looked at MITRE ATT&CK technique T1547.001 (https://attack.mitre.org/techniques/T1547/001/) for more scoop on scheduled tasks and run keys. Poked at schtasks and PowerShell commands for tasks. Not seeing how to use the CLI to set up a task triggering off of event ID 4800. I found this article, https://cyber.wtf/2022/06/01/windows-registry-analysis-todays-episode-tasks/, which suggests doing it manually on a lab box, exporting it, and then importing via CLI on the target. So, this will be something to lab up. #redteam #infosec #persistence #cososec
#hack100days : day 17d : Poking around some more at #windows #persistence. Scheduled Tasks is fun. Out of the box, users can do this. Should they in a business environment? Extra fun, via Scheduled Tasks or via Event Viewer, a task can be set up to trigger off Event IDs. Like event ID 4800, which is when a user unlocks their workstation... Me likey. #redteam #infosec #cososec
#hack100days : day 16d : Looked at establishing #persistence via registry Run and RunOnce keys and via the Startup folder. Only the beginning, really. #blueteamers are you watching those keys and folders?
#hack100days : day 15d : Watched Alh4zr3d's Twitch stream. PHP assert is interesting. Read up on #redteaming #azuread. Phishing is out of scope, so spending time thinking through additional threat vectors. #infosec #cososec
#hack100days : day 14d : Watched Mudge’s lateral movement video for #cobaltstrike. #activedirectory and #windows refresher. #redteam #infosec #cososec
#hack100days : day 13d : Took a crack at #hackthebox Fortress lab Jet. I'm about a third of the way through. I keep breaking the box trying to get the next flag. Reckon that's a hint what I'm doing is the wrong path for this one. #redteam #sharpenthesaw #infosec #cososec
#hack100days : day 12d : Banged around on #hackthebox release arena's stocker box. It's rated easy, but the foothold was new territory for me, so not too easy. Learned some new stuff, so that's good. #infosec #ctf #sharpenthesaw #cososec
#hack100days : day 11d : More #cobaltstrike. Watched a couple of videos on Artifact Kit. Weird how Mudge said in one of the videos to not use or stay in rundll32 or svchost, but that's exactly how Artifact Kit rolls. I've got some more to figure out with that one. Also watched a couple of viddys on Beacon Object Files--I suspect *that* is going to be something to explore more of. #redteam #infosec #cososec
#hack100days : day 10d : Banged around with #cobaltstrike some more today. Put my wrapper testing for userid and hostname around a call to get a payload and those bits worked--after disabling the protections on the target box. Need to troubleshoot my flags on pktmon to get that working right. Downloaded the arsenal scripts and next action will be to take that apart to understand. Must. Figure. Out. Obfuscation. #redteam #infosec #cososec
#hack100days : day 9d : Little thin today. Threat modelling galore. Some time at an #infosec meetup talking to a peer re: #cobaltstrike and #redteam #operations. Good to have a sounding board! #cososec
#hack100days : Day 8d : Watched more of Red Team Operations with #cobaltstrike from Raphael Mudge. Finished Initial Access and watched Post Exploitation. Likely going to need to watch that last one again. Some of the info is beyond what I've had to work with before. Malleable C2 profiles may take some time to get good at. #redteam #infosec #cososec
#hack100days: Day 7d : Kept chipping away at #hackthebox new release broscience. Good challenge for #webappsec testing. Recognized an #owasp top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress... #infosec #sharpenthesaw
#hack100days: Day 6d : Continued working on #hackthebox new release broscience. Went down some enumeration rabbit holes. Found some usernames. Still need to figure out initial access. #infosec #cososec
#hack100days: Day 5d : Worked on #hackthebox new release broscience. #infosec #cososec (Went to a basketball game today, which took a lot of time. M-I-Z!)
Muddling through.