January 18, 2021
After getting a HackTheBox VIP subscription, one of the first boxes I attempted was “Lame”. This is ranked as an easier system and was a good opportunity to see what the platform had to offer.
December 16, 2020
As more applications and resources move to the cloud, organization’s are requiring multi-factor authentication (MFA) to better safeguard user accounts. This post outlines various methods used to bypass MFA in Microsoft 365 and Azure AD during offensive security engagements.
July 1, 2020
Whether you're about to embark on the OSCP journey, already started the PWK course, or waiting those nervous days before the exam, you’ve come to the right place. This post outlines my experiences passing the OSCP and aims to provide some tips that helped me along the way!
March 18, 2020
As a fan of The Big Bang Theory, and while practicing "social distance" due to COVID-19, I decided to try a writeup for emaragko's TBBT: FunWithFlags machine on vulnhub.com. My goal was to gain root privileges on the box and identify all 7 flags using only open source tools, without the use of Metasploit.
March 05, 2020
During an offensive security engagement it may not be a major vulnerability that leads to your end-goal, but a combination of lower severity findings compounded to make a larger impact. This post discusses information disclosure through NTLM authentication, which is one of those smaller vulnerabilities that can lead to greater attacks under the right circumstances. Additionally, we will demonstrate methods for invoking an NTLM challenge response, even when no login page is present, to coerce this information.
September 08, 2019
This blog is intended to be an introduction to payload generation and environmental factors to consider when crafting payloads during a penetration test, or red team engagement. Although seemingly elementary, these concepts carry over into multiple tools commonly used and stress the importance of situational awareness.
September 02, 2018
A few weeks ago I ran into an older version of the Cacti network graphing solution, which led me down the path of researching the application. This revealed some interesting vulnerabilities, discussed in this post, that I have disclosed on the Cacti issues page.
June 08, 2018
This post serves as a cheat sheet for enumerating Windows environments from a Linux host using the Samba Suite. The items listed focus on Samba’s “net” command, which aims to replicate common Windows functionality and provide options for remote management cross platform.