Posts

THM AOC: SIDEQUEST 1!

So I can finally write up my Side Quest, I have at this point made it to Side Quest 2, however have not made it much further due to other commitments. That said doing Side quest 1 was a real joy! The Objectives were as follows Objective 1: Identify the WiFi SSID This task was […]
SANS KringleCon 2023 : Linux Priv Esc

They had me in the first half, not gonna lie. I thought about this too much when I first kicked off this challenge. But, I think I found the intended way to exploit the vulnerable application left on this box. The premise is, you start with a standard user account and need to run the […]
SANS KringleCon 2023 : HASHCAT!

Ah it is that time of year again for the SANS Holiday Hack, aka. Kringlecon. I have jumped in and had a great initial couple of hours. The premise for this year is a bunch of islands and you travel between them with your pirate ship. One of the challenges was to user hashcat to […]
THM : Dodge , Write Up

Ah 2024! Lets kick this off shall we with a write up from a room I worked on. The room is called Dodge. I decided to sharpen the axe, especially off the back of advent of cyber and kringle con. This room called to me, mainly because it offered some simple objectives and seemed like […]
THM : Recovering Active Directory

This post is more of a write up than a thought piece. This post goes over the Try Hack Me Room; Recovering Active Directory. <Rant> While I write this post I hit a challenge, the main challenge being how disappointed I was with this room. The practical’s are weak. The advice and guidance is also […]
THM : Windows Hardening

This is my write up of the Try Hack Me room Microsoft Windows Hardening. I am doing this room as a pre-req recommendation to the Recovering Active Directory Room, which I am thoroughly looking forwad to! The rooms main focus is to run through the basics of workstation hardening and focuses on a variety of […]
Don’t Schedule Privilege

Something that crops up time an time again is the usage of Privileged accounts to run applications on a server as part of a scheduled run, or cronjob. TL;DR DON’T use high Privilege, apply Principles of Least Privilege, Local Accounts, Manage them. Using a highly privileged account to run your tasks is convenient, don’t get […]
Thinking about Data Backups and Archiving.

Data Archiving is something everyone does, whether you mean too or not. Think about you smart devices, you may use them to take pictures, send e-mail, write lists, or even make calls (Say what!). The history, or more specifically, logs about what you do may be saved in a few places. The question to ask […]
IPFire and OpenVPN: Opinions are Opinions… and there are some misguided ones.

Today I was looking at my lab configuration and noticed that my configuration had a flaw. To give some context, the lab runs through VMWare. Within the environment there are 3 network interfaces. When running some tests I noticed that I was able to go via the IPFire Router and access the local network. This […]
Weekend Edition: Things from the week.

This week has been pretty standard, the usual day to day working on projects and helping those who are under duress. With that said I thought it would be cool to grab three things I worked on and give an overview. This week list is; Reaction Part of what I do is focused on reacting […]