learning Relaxing for a bit, and learning at my pace I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing myself to cram new information every
hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a ton of Googling anything I found
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. Nmap As always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting Nmap 7.91 ( https://nmap.
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall, I have to say it was
OSCP Proving Grounds Practice My three readers know by now that my exam experience didn't go as I'd hoped. I've blown through certification exams before, but this was next-level. I went in feeling like I have kicked enough butt in the labs and in HTB to be able to do it pretty easily. Nope.
OSCP Exam kicked my butt Well, I was hoping I wouldn't have to write this post. The exam kicked my butt. Bad. I was hoping this post would be more like, "Yo! I got my OSCP!" I studied quite a bit and felt like I was steamrolling the lab machines. They weren't terribly difficult and
OSCP Update: Still In the Labs Still doing labs. I've popped about 22 boxes. Still need to do more. Hopefully soon I will be posting to report that I've passed. Here's a review of the exam by my friend @opsdisk, who took it a while back (long before OffSec added the 2020 material.) - https://blog.
OSCP Sup? I know, I know. Looks like I've been flaking out. Well, I suppose I have, but for good reason. Still studying for the OSCP. Still working on becoming much better at enumeration than I currently am and still working on speeding up my buffer overflow process, so I don't have
OSCP My OSCP journey week 1 I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow. At this point, the boxes haven't been particularly difficult, but I still don't feel that I'm where I need to be
OSCP So Where are the Updates? I meant to post my writeup of OpenKeys yesterday, but Saturday also so happened to be the day that my PWK coursework arrived. Guess what took priority? Right now, I'm writing my notes in a private GitBook Repo. I'm trying to build a gameplan for when I take the exam.
learning Knowing what you don't know This career can be intimidating. Almost daily, I look at all the things I don't know and think to myself, "Crap, man. This is still a mystery to me." As I work with people who are in the same field, many of them who seem to have it all together,
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. Nmap We start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:28 2020 as: nmap -T4
ssh When ya gotta run SSH on more than one port I was working on an HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either way, when I was redoing the
htb Hack the Box -- Buff My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant screenshots. Nmap Results sudo nmap -T4
htb Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going to do that right now with
sql Port Swigger's Web Security Academy is Good Stuff One of my current weak points (and there are many) is SQL injection. I just can't quite pull them off yet. Sure, I know the basics like or '1'='1' stuff. Even then, it's a bit rocky for me. It's when it comes down to trying to make sense of
hackthebox Hack the Box Walkthrough - Traceback Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing we do is run Nmap. Here's
OSCP Learned something new about reverse shells this weekend I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn't typically have cool apps like Netcat
OSCP As I work towards my OSCP I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I still don't feel quite ready. I
OSCP Cool new trick I learned to transfer files to Windows boxes My buddy Julian and I are both on the road to OSCP. We've been setting up study sessions where we attack boxes from TJ Null's list of OSCP-like boxes (https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#). It's a live list that's always growing. Worth checking out if
OSCP Thoughts as I work through some studies I've been cracking away at studying for the OSCP certification. It's taken quite a bit of my time, but I want to accomplish it. I've also been sitting on the eLearnSecurity eCPPT course. It's good content, but I'm more motivated to obtain my OSCP, because it has a name