OSCP Sup? I know, I know. Looks like I've been flaking out. Well, I suppose I have, but for good reason. Still studying for the OSCP. Still working on becoming much better at enumeration than I currently am and still working on speeding up my buffer overflow process, so I
OSCP My OSCP journey week 1 I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow. At this point, the boxes haven't been particularly difficult, but I still don&
OSCP So Where are the Updates? I meant to post my writeup of OpenKeys yesterday, but Saturday also so happened to be the day that my PWK coursework arrived. Guess what took priority? Right now, I'm writing my notes in a private GitBook Repo. I'm trying to build a gameplan for when
github What's Your APT Name? Just something I put together last night for fun. Check it here [https://github.com/DanielxBlack/aptnamegenerator].
learning Knowing what you don't know This career can be intimidating. Almost daily, I look at all the things I don't know and think to myself, "Crap, man. This is still a mystery to me." As I work with people who are in the same field, many of them who seem to
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. Nmap We start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:28 2020 as:
JavaScript Things I'm Learning Today -- 12.1.2020 I've been reading a lot about XSS lately. That and bug hunting. On the learning agenda for today: * One hour of JavaScript on Code Academy Free. (I am not totally interested in JS, but like learning SQL, it can only help improve some of my other skills.) * XSS
ssh When ya gotta run SSH on more than one port I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either way when I was redoing the
STÖK Cool Video - 10+ Free OSINT Tools I just recently discovered STÖK. His vids are pretty cool. Watching his videos and learning as much as I can.
htb Hack the Box -- Buff My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant
open redirect Learning more things: Open Redirect I am making it a point to study and read up on lots of things that will help me improve my skillset. This book, Web Hacking 101 [https://www.hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book], is free from HackerOne. I'm going through it, trying to understand concepts and writing a
htb Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going
ssh Learning Day Part 2 -- SSH Host Keys I started reading about SSH and stumbled onto host keys. I decided to start reading about them, because while I know that individual SSH clients can have keys, I'd never really focused much on reading about host keys. Short white paper I found This is helpful in getting
hackthebox Hack the Box -- Solidstate I usually don't do writeups for boxes I didn't solve while active, but I'm taking today as a learning/training day and I figured I would do one of TJ Null's OSCP-like [https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
things I learned Things I learned today -- 11.15.20 I got some studying in today. Did a bit of reading and watching some videos. More PrivEsc Today, I went over TryHackMe's Linux PrivEsc portion on weak file permissions [https://tryhackme.com/room/linuxprivesc]. Went over some things I already knew, but it was still cool to go
CIS Benchmarks Things I learned today -- 11.14.20 Adding a table of contents to my Ghost Blog I learned how to add a table of contents [https://danielxblack.ghost.io/posts-now-have-a-table-of-contents/] to my blog posts. I used this guide [https://ghost.org/tutorials/adding-a-table-of-contents/#:~:text=Navigate%20to%20a%20post%20in,%2FHTML”%20and%20hitting%20enter.&text=Then%20click%
Learning some PrivEsc Today I'm still not happy with where I am in terms of skills. The truth is, I probably never will be. That said, I need to keep putting time into learning. I picked up a few courses on privesc on Udemy. Thinking I'm going to spend a
hackthebox Random Notes on Hack the Box I was feeling a bit under the weather recently, and I just couldn't get myself up to do HTB. Instead, I watched some IppSec videos in hopes of learning some things. I checked out the video for Popcorn and tried to understand what was going on as
hackthebox Hack the Box - Blunder This is my walkthrough for Blunder. Nmap Results nux@KacaLinux:~/Documents/htb/boxes/blunder/nmap$ cat services # Nmap 7.80 scan initiated Sat Jun 6 04:58:57 2020 as: nmap -T4 -sC -p 21,80 -oN services 10.10.10.191 Nmap scan report for 10.10.10.191
web security Web Security for Developers Impressions I finished up Web Security for Developers this weekend. It was a great primer for covering exactly what it sets out to: Teach Basic Web Security to Developers. That said, basic in Web Security doesn't mean basic in general. It starts out pretty simple, with a lot of
python Remembering Input Validation and Error Handling As you may know, I've been working on a script that has a working title of EZShellz, or something to that effect. It's not totally official, but it seems to be sticking at this point, so that may become its permanent name. Anyway, I've
github What to learn next? I'm working hard toward my OSCP. I've been studying, and I was given a boost of confidence just a few hours ago. I have a few writeups I can't publish until the boxes are retired. Lame. I'm definitely getting where I need