#hack100days Day64: Started a multiday CTF. Got three of the first five challenges presented and am sitting on 800/1000 points. Going to sit in on Alh4zr3d stream before making dinner and watching the Jan6 shenanigans. #infosec #cososec
#hack100days Day63: Hack the Box Academy today. Worked on LFI module. #infosec #cososec
#hack100days Day62: Okay, I lied. Not HtB. Looked at an Offensive Security Proving Grounds-Playground box. Watched a live walk-through on the box. Also watched an Ippsec video re: LFI. #infosec #cososec
#hack100days Day61: Finished _Bug Bounty Bootcamp_, skipped chapter 23 and read chapters 24 & 25. Tomorrow, back to #htb. #infosec #cososec
#hack100days Day 60: Read chapter 22 of _Bug Bounty Bootcamp_. #infosec #cososec
#hack100days Day59: Turns out I read chapter 20 yesterday and chapter 21 tonight. Duh. Saw a walk-through yesterday that leveraged looking for .git on a web page. I haven’t done an analysis on that kind of information disclosure vuln, but I reckon it’s rare but damaging. Tomorrow, we read code. #infosec #cososec
#hack100days Day58: Read chapter 21 in _Bug Bounty Bootcamp_. Dangling CNAME is bad, m'kay? A deeper dive on single-sign-on exploits is really going to be needed for effectiveness. #infosec #cososec
#hack100days Day57: Watched a live stream, Alh4zr3d breaks two k8s challenges on TryHackMe #infosec #cososec
#hack100days Day56: More cracking at trick.htb. Found a thing on an entry point, but I'm stuck turning it into something more useful. Tantalizing config on entry point two, but it isn't giving me any goods. #infosec #cososec #hackthebox #tryharder
#hack100days Day55: More banging on trick.htb. Found a new potential entry point. Took a while to figure out how to find it, but didn't get terribly far on it before I had to pack it in. #infosec #cososec #hackthebox
#hack100days Day54: Read another chapter, chapter 19, of _Bug Bounty Bootcamp_. #infosec #cososec
#hack100days Day53: Got creds from yesterday's scans. Explored the app, looking for escalation vector. Found limited LFI, so progress! #infosec #cososec #hackthebox
#hack100days Day52.1: Went to the forums for some hints. Revisited a service I thought was a dead end. Double-checked syntax and tried another potential configurable. Boom. Found another entry point. Now I'm starting to get some progress. ...and I'm leaving to go to a concert soon. Gotta unplug for a bit, every now and again! #infosec #cososec #floydcoverband
#hack100days Day52: Kept at htb/trick. Had to spend some time getting acquainted with how "Break" works in ZAP. Wanted to edit a page coming from the server. Didn't get the result I was hoping for. Got one more setting to try before ruling this approach out. #infosec #cososec
#hack100days Day51: Flippin' power outage. It's back on and the day isn't done. I've been enumerating htb/trick. One service appears to be a dead end. Another service is not giving anything up easily. A third service is interesting, I'm not as well versed in its tech. Fortunately, there's Metasploit for that. For now, anyways. #infosec #cososec #hackthebox
#hack100days Day50: Watched some more of a stream with Alh4zr3d. Shadowed someone on Discord while they hacked on an Android app. Got to see similarities between web apps and mobile apps. Also got to point out a ZAP feature, so I contributed a little bit! ;) #infosec #cososec
#hack100days Day49: Read chapters 17 and 18 of _Bug Bounty Bootcamp_. #infosec #cososec
#hack100days Day48: Mixed it up today. Started watching https://www.youtube.com/watch?v=Llw2PAlXUoE, which led to a twitter/@Alh4zr3d livestream on https://www.twitch.tv/alh4zr3d, which then led me to twitter/@mttaggart and led me to https://www.youtube.com/taggarttech which has an API hacking video I want to watch next. #infosec #cososec
#hack100days Day47: Read chapter 16 of _Bug Bounty Bootcamp_. #infosec #cososec
#hack100days Day45: Baseball Hall of Fame visited today and Chapter 14 of _Bug Bounty Bootcamp_ done. Going to need to do some more labs and walkthroughs of deserialization. Feels a bit like a dark art. #infosec #cososec #vacation
Muddling through.