Show more
ath0 boosted

: day 16d : Looked at establishing w/via registry run and runonce and via Startup. Only the beginning, really. are you watching those keys and folders?

: day 15d : Watched Alh4zr3d twitch stream. PHP assert is interesting. Read up on Phishing is out of scope, so spending time thinking through additional threat vectors.

ath0 boosted

: day 13d : Took a crack at Fortress lab Jet. I'm about a third of the way through. I keep breaking the box trying to get the next flag. Reckon that's a hint what I'm doing is the wrong path for this one.

ath0 boosted
ath0 boosted

: day 12d : Banged around on release arena's stocker box. It's rated easy, but the foothold was new territory for me, so not too easy. Learned some new stuff, so that's good.

: day11d : More . Watched a couple of videos on artifact kit. Weird how Mudge said in one of the videos to not use or stay in rundll32 or svchost, but that's exactly how artifact kit rolls. I've got some more to figure out with that one. Also watched a couple of viddys on beacon object files--I suspect *that* is going to be something to explore more of.

ath0 boosted

Freddie Mercury, Venus Williams, and Bruno Mars walk into a bar.
...
They didn't planet that way.

: day 10d : Banged around with some more today. Put my wrapper testing for userid and hostname around a call to get a payload and those bits worked--after disabling the protections on the target box. Need to troubleshoot my flags on pktmon to get that working right. Downloaded the arsenal scripts and next action will be to take that apart to understand. Must. Figure. Out. Obfuscation.

: day 9d : Little thin today. Threat modelling galore. Some time at an meetup talking to a peer re: and . Good to have a sounding board!

: Day 8d : Watched more of Red Team Operations with from Raphael Mudge. Finished Initial Access and watched Post Exploitation. Likely going to need to watch that last one again. Some of the info is beyond what I've had to work with before. Malleable C2 profiles may take some time to get good at.

: Day 7d : Kept chipping away at new release broscience. Good challenge for testing. Recognized an top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress...

: Day 7d : Kept chipping away at new release broscience. Good challenge for testing. Recognized an top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress...

: Day 6d: Continued working on new release bioscience. Went down some enumeration rabbit holes. Found some usernames. Still need to figure out initial access.

: Day 5d : Worked on new release broscience. (Went to a basketball game today, which took a lot of time. M-I-Z!)

: Day 4d : Today's efforts on this were thin. Took a stab at using to write a draft of my script and it's going to be a good place to start.

Show more

ath0

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.