Show more

Earlier this year I did a run. I got it done after a couple of stumbles and during that time I got a new gig as a . Also managed to start a course, but not finish. Plus, with being a new shiny, I need to refocus. Time for another run. Stay tuned...

Attending my first meat-space conference in the COVID-era in Indy.

Day100: Hacked on the new HtB release didn’t get far.

Day99: Now about half-way through Practical Web Application Security and Testing. Learned some new ZAP tricks. Also getting more comfortable with docker.

Day98: More time on Practical Web Application Security and Testing.

Day98: More time on Practical Web Application Security and testing. Another section down.

Day97: Found alkanesollutions.co.uk/2021/02/26/list-ad-sites-and-subnets-using-powershell today. Very nice. Last time I poked at AD w/powershell I used the activedirectory module. Thought it was required. This doesn’t need that. Gonna refactor to output in a format more to my preference. Good place to start when mapping a network, ya?

Day96: More watching Practical Web Application Security and Testing from academy.tcm-sec.com. Might poke at another HtB box before day is done.

Day95: Finished of HtB Health. Glad to have worked with a team. For an "easy" box, that felt far from it. Now to watch some web app hacking videos.

Day94: Forgot to log yesterday’s activity. Worked on HtB Health with some folks. Worked on python scripting skills.

Day93: No hands on keyboard hacking today. Read up on Active Directory to refresh and rebuild mental model of what it looks like on a network.

Day92: Today was not as productive as the past two. Did get in some time on alh4zr3d’s stream as he worked on a Try Hack Me box. Couple of tools referenced there look interesting.

Day91: Kept banging on 'return' off and on through the day. Some guidance, based on the results of whoami with priv flag, didn't work as expected. Spun up neo4j and bolt on my infra box for BloodHound. Listened in on mtaggart stream and learned a bit about Content-Security-Policy.

Day90: Took a crack at Hack the Box machine return. I love evil-winrm. Got user pretty quick. Working on priv esc. Should put it away tonight.

Day89: Took a crack at an Offsec Proving Grounds box. Learned more how to deal with open proxies. (Wish I'd known how to do this a couple of years ago.)

Day87: Revisited Ubuntu Multipass and toolbox to run impacket, etc. from. Poked at academy.htb

Day85: D’oh. Forgot to record yesterday. Worked on HtB Blackfield. I’m really liking CrackMapExec. Refreshed the Impacket brain wrinkles.

Day85: Banged on academy.htb. Wordlists matter. Grr.

Day84: Poked at a box on another platform. Looks like BlueKeep is the way in, but metasploit module is for x64 and the target is x86. Found a PoC for x86, but I'm fighting python module dependencies. I need to get better at venv, I guess. Then the clock ran out, so I can't pick at it until tomorrow.

Day83.1 Update: Finished 2nd box. Reset box and switched to meterpreter shell instead of trying to use command shell. Worked great.

Show more

ath0

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.