Show more

Day76: Listened in on a couple of twitch streams by Alh4zr3d and mmtaggart. Poked at a Winderz box on offsec proving grounds.

@asmitty I've not been following this thread anymore.

Day75: Got my CTF prize, a month-long access to Offsec Proving Grounds Practice, so started on that. Hitting the first easy box. Basic enumeration in-flight. SSH, DNS, and two web services and and two mqueue listeners.

Day74: Found a user w/low priv on the HtB box--based on the hostname, I took a flyer at a username I thought would match. Was able to use it to enumerate some additional users. Now brute-forcing for passwords. No school like the old school. Really wish folks would use fasttrack.txt for password brute forcing. Fairly long list of users, so this will take a while.

Day73: Took a crack at today's release on HtB. Bunch of enumeration. Still poking around to find entry point. Not a webserver and I'm out of practice on anything but web servers, so this is good. Slow. But good.

Day72.1: Update. I eventually figured the pivot—“pcap, or it didn’t happen!” Learned a bit more about Docker and worked on Wireshark skill. Ended up w/in top 10 and got a cyberrange voucher from the prize pool. I reckon there were between 50 and 100 people taking a crack at it.

@spacesloth I heard AWS had some issues. Haven't chased down details on that yet.

Day72: Continued banging on ctf. Limited rce was sneaky rabbit hole. Found correct path to get shell. New one on me, so that was fun. Working on pivot point. This one's a little tougher.

Day71: almost forgot to log it. Watched a stream. Hacked on a ctf. Figured out limited rce, but stumped on turning it into something really useful. It’ll be on tomorrow, so maybe a fresh look after sleep and coffee.

@BenA Now I know why my wife talked me out of cooking tonight. Dangit. Should have planned better.

@kel Our progeny's school went back full time this last school year. There was a super spreader event that prompted a 'school from home' week to fire break the spread. Overall, Kidlet's mental health improved greatly, along with social life. Tell the kids to mask up and they'll mask up!

Day70: More work on HtB Academy & ffuf. Made some progress and then stalled. Looks like word list choice is finicky. Read this article and found it pretty interesting: blog.includesecurity.com/2022/. Signed up for the beta of git CodeSearch.

Day69: More work on HtB Academy & ffuf. One more exercise to complete. Also kibbutzed on Al4zr3d stream while he walked through a couple of TryHackMe boxes.

@ketchup9080 Thanks! I'm, laughingly, banging on the last ffuf challenge before the skills assessment. I've been interleaving it with watching an Alh4zr3d stream, dinner, etc. If I don't get it sorted tonight, I'll ping you tomorrow.

@kel Planted one in a container this year. No flowers or fruit yet. It's getting larger and sending out runners. Need to do some research on cutting off the runners trying to make it out of the container. Maybe then it'll start trying to flower.

Show more

ath0

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.