Tag: Open Source
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of its inner functionality for his own projects, but when I was reviewing it with him I was impressed by its feature set.
First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
Tag: SIEM
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of its inner functionality for his own projects, but when I was reviewing it with him I was impressed by its feature set.
First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
Tag: Wazuh
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of its inner functionality for his own projects, but when I was reviewing it with him I was impressed by its feature set.
First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
Tag: XDR
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of its inner functionality for his own projects, but when I was reviewing it with him I was impressed by its feature set.
First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
Tag: Bsides
March 18, 2023
Organizing Bsides Harrisburg
Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.
Tag: Conference
March 18, 2023
Organizing Bsides Harrisburg
Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.
October 17, 2022
Volunteering at GrrCON 2022
When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, its staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.
October 29, 2017
Volunteering at GrrCON 2017
GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”.
The 2017 Difference
GrrCON hasn’t changed much since I have started coming to it.
October 12, 2016
GrrCON 2016
October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.
October 16, 2015
Volunteering at GrrCON 2015!
Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really excited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time.
Not only did I get to go to my first con, I got to volunteer at GrrCON!
Tag: PA Hackers
March 18, 2023
Organizing Bsides Harrisburg
Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.
Tag: ZeroTrust
February 19, 2023
Intro to Cloudflare Zero Trust
Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.
Tag: GuestAuthor
February 18, 2023
Are Password Managers Safe to Use?
Note from hackerunder.dev:
This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site.
Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use.
Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.
Tag: PasswordManagement
February 18, 2023
Are Password Managers Safe to Use?
Note from hackerunder.dev:
This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site.
Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use.
Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.
October 23, 2022
Introduction to Password Management
Every computer, social media platform, or online tool requires some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a handwritten log of passwords is not the most insecure means of password management?
Key requirements of credentials
Let’s start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.
Tag: Docker
February 15, 2023
Building a docker server
This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expensive fast for passion projects or proof of concepts.
Tag: HomeLab
February 15, 2023
Building a docker server
This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expensive fast for passion projects or proof of concepts.
Tag: Linux
February 15, 2023
Building a docker server
This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expensive fast for passion projects or proof of concepts.
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: CAM2022
October 23, 2022
Introduction to Password Management
Every computer, social media platform, or online tool requires some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a handwritten log of passwords is not the most insecure means of password management?
Key requirements of credentials
Let’s start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.
October 23, 2022
Introduction to Phishing
In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, governments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you.
What is Phishing?
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.
Tag: NationalCybersecurityAlliance
October 23, 2022
Introduction to Password Management
Every computer, social media platform, or online tool requires some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a handwritten log of passwords is not the most insecure means of password management?
Key requirements of credentials
Let’s start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.
October 23, 2022
Introduction to Phishing
In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, governments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you.
What is Phishing?
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.
Tag: Phishing
October 23, 2022
Introduction to Phishing
In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, governments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you.
What is Phishing?
Tag: GrrCON
October 17, 2022
Volunteering at GrrCON 2022
When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, its staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.
October 29, 2017
Volunteering at GrrCON 2017
GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”.
The 2017 Difference
GrrCON hasn’t changed much since I have started coming to it.
October 12, 2016
GrrCON 2016
October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.
October 16, 2015
Volunteering at GrrCON 2015!
Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really excited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time.
Not only did I get to go to my first con, I got to volunteer at GrrCON!
Tag: misec
October 17, 2022
Volunteering at GrrCON 2022
When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, its staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.
January 13, 2020
Picat's Podcast: Episode 6
In this hour-long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.
October 29, 2017
Volunteering at GrrCON 2017
GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”.
The 2017 Difference
GrrCON hasn’t changed much since I have started coming to it.
October 12, 2016
GrrCON 2016
October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.
October 16, 2015
Volunteering at GrrCON 2015!
Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really excited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time.
Not only did I get to go to my first con, I got to volunteer at GrrCON!
Tag: Volunteering
October 17, 2022
Volunteering at GrrCON 2022
When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, its staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.
October 29, 2017
Volunteering at GrrCON 2017
GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”.
The 2017 Difference
GrrCON hasn’t changed much since I have started coming to it.
October 12, 2016
GrrCON 2016
October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.
October 16, 2015
Volunteering at GrrCON 2015!
Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really excited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time.
Not only did I get to go to my first con, I got to volunteer at GrrCON!
Tag: HTB
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
July 4, 2020
HackTheBox Remote Writeup
Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell.
Lessons learned:
- Mounting a public windows share
- Exploit modifications – changing python code for a web exploit
- DLL Hijacking for privilege escalation
Information gathering
An initial nmap scan reveals some listening services.
May 3, 2020
HackTheBox Traceback Write-up
Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation.
Lessons Learned
- Open Source INTelligence (OSINT) refresher with Google and Github
- PHP web shell alternatives to php-reverse-shell.
Tag: OffSec
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: minecraft
August 23, 2022
Rebuilding my home server
A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembered to update the machine. This blog post will serve as a record of what I did to set up the machine again after wiping it.
Services I installed included
- ufw
- ssh
- ftp
- Minecraft
- Samba fileshare
While attempting to install samba on the old system, apt update failed.
April 30, 2020
Starting a Minecraft server
I’ve had a love-hate relationship with Minecraft since I bought the beta when I was in high school in 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.
Tag: Samba
August 23, 2022
Rebuilding my home server
A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembered to update the machine. This blog post will serve as a record of what I did to set up the machine again after wiping it.
Services I installed included
- ufw
- ssh
- ftp
- Minecraft
- Samba fileshare
While attempting to install samba on the old system, apt update failed.
Tag: Ubuntu
August 23, 2022
Rebuilding my home server
A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembered to update the machine. This blog post will serve as a record of what I did to set up the machine again after wiping it.
Services I installed included
- ufw
- ssh
- ftp
- Minecraft
- Samba fileshare
While attempting to install samba on the old system, apt update failed.
Tag: brute force
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
Tag: burpsuite
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
Tag: hydra
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
Tag: ProvingGrounds
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: sudo
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: web attack
April 29, 2022
Proving Grounds DC4 Writeup
DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: wpscan
April 8, 2022
Proving Grounds DC2 Writeup
DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist.
Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.
Tag: metasploit
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
Tag: SUID
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
Tag: Vulnhub
April 5, 2022
Vulnhub DC1 Writeup
S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.
Tag: default creds
June 13, 2021
Proving Grounds My-CMSMS Writeup
Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier are not permitted to have public walkthroughs posted.
On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.
Tag: evil-winrm
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
Tag: impacket
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
Tag: kali
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
July 4, 2020
HackTheBox Remote Writeup
Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell.
Lessons learned: Mounting a public windows share; Exploit modifications – changing python code for a web exploit; DLL Hijacking for privilege escalation.
Information gathering
An initial nmap scan reveals some listening services.
May 3, 2020
HackTheBox Traceback Write-up
Thanks to a Zoom call with members of PA Hackers, I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation.
Lessons Learned: Open Source INTelligence (OSINT) refresher with Google and Github; PHP web shell alternatives to php-reverse-shell.
February 26, 2020
What is Updog?
Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.
January 13, 2020
Picat's Podcast: Episode 6
In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.
Tag: kerberos
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
Tag: mimikatz
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
Tag: winPEAs
July 9, 2020
HackTheBox Sauna Writeup
Sauna is another “easy” Windows machine on HackTheBox. However, I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to be entirely about domains and LDAP, which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be streamlined.
Tag: DLL hijacking
July 4, 2020
HackTheBox Remote Writeup
Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell.
Lessons learned: Mounting a public windows share; Exploit modifications – changing python code for a web exploit; DLL Hijacking for privilege escalation.
Information gathering
An initial nmap scan reveals some listening services.
Tag: web shell
July 4, 2020
HackTheBox Remote Writeup
Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell.
Lessons learned: Mounting a public windows share; Exploit modifications – changing python code for a web exploit; DLL Hijacking for privilege escalation.
Information gathering
An initial nmap scan reveals some listening services.
May 3, 2020
HackTheBox Traceback Write-up
Thanks to a Zoom call with members of PA Hackers, I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation.
Lessons Learned: Open Source INTelligence (OSINT) refresher with Google and Github; PHP web shell alternatives to php-reverse-shell.
Tag: OSINT
May 3, 2020
HackTheBox Traceback Write-up
Thanks to a Zoom call with members of PA Hackers, I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation.
Lessons Learned: Open Source INTelligence (OSINT) refresher with Google and Github; PHP web shell alternatives to php-reverse-shell.
Tag: gaming
April 30, 2020
Starting a Minecraft server
I’ve had a love-hate relationship with Minecraft since I bought the beta when I was in high school in 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.
Tag: python3
February 26, 2020
What is Updog?
Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.
Tag: web server
February 26, 2020
What is Updog?
Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.
Tag: podcast
January 13, 2020
Picat's Podcast: Episode 6
In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.
Tag: youtube
January 13, 2020
Picat's Podcast: Episode 6
In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.
Tag: 2019
January 4, 2020
2019 in review
Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.
Tag: year-in-review
January 4, 2020
2019 in review
Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.
Tag: password
March 16, 2019
Replacing a forgotten WordPress password
What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database.
```
mysql> SELECT ID, user_login, user_pass FROM wp_users;
+----+------------+------------------------------------+
| ID | user_login | user_pass                          |
+----+------------+------------------------------------+
|  1 | admin      | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 |
+----+------------+------------------------------------+
```
Here’s the problem though, we need to know how WordPress hashes passwords in version 5.
Tag: WordPress
March 16, 2019
Replacing a forgotten WordPress password
What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database.
```
mysql> SELECT ID, user_login, user_pass FROM wp_users;
+----+------------+------------------------------------+
| ID | user_login | user_pass                          |
+----+------------+------------------------------------+
|  1 | admin      | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 |
+----+------------+------------------------------------+
```
Here’s the problem though, we need to know how WordPress hashes passwords in version 5.
Tag: Exploitation
November 15, 2017
Online Brute Forcing 101
A good friend once mentioned how cool it’d be to practice brute forcing for a website login. I created a simple web page with a login form. Incorrect logins display a red error message while successful logins show the rest of the web page. There’s no database or complex code behind the webpage. It simply hashes the user input and compares it to a stored value.
Before we continue, I must make it blatantly obvious that hacking any online service without consent could land you in a lot of trouble.
Tag: regex
September 2, 2017
PHP Regex tutorial
Have you ever wondered how web applications do validation on forms? How does the app know when your input is really an email address? In most PHP applications, this is done using regular expressions (Regex).
I’ve previously posted about how to defend against XSS and SQL injection. Checking strings with a white list of allowed characters is one of the easiest changes a developer can make. Regex makes this easy in most programming languages.
Tag: HPKP
August 27, 2017
Do not waste your time with HPKP
This is my last post related to HTTP Public Key Pinning (HPKP). This is a post in response to Scott Helme’s latest post about him giving up on HPKP and how my blog is a perfect example of his concerns.
In the past I’ve written three articles about the HPKP header:
Testing HPKP headers
Adding HPKP headers
HPKP.. Public Key Pinning?
The point of each of these articles is pretty well summed up in their titles.
April 22, 2016
Testing HPKP Headers
Over the last two weeks, I’ve been posting a lot about HTTP Public Key Pinning. This will be my last post about it, and I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add those headers, read the second post.
I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.
April 15, 2016
Adding a HPKP Header
Before we try to add a HPKP header, let’s review from last week. I made a post about what HTTP public key pinning is. It’s a fingerprint that browsers use to compare certificates and can warn the user if the certificate is from a different source, even if it’s trusted or from the same server. If that doesn’t make sense, check out the link to the previous post.
Public-Key-Pins
A Public-Key-Pins header looks like this:
Tag: Vulnerability Analysis
May 25, 2017
Breaking My Blog with WPscan
One of the tools offered by default in Kali and many other hacking related distros is WPscan, a black box WordPress vulnerability scanner. I wanted to learn how to use this tool because it would help with recon on CTF challenges, practice boxes from vulnhub, and even trying to keep my own blog vulnerability free.
Disclaimer
Before I tell you more about the tool and how it can be used, I have to throw out the usual disclaimer.
Tag: IRC
December 1, 2016
Setting up Slack for MiSec
Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation.
Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.
July 29, 2015
Found a group, sticking with it.
GrrCon 2015 is in October, it’ll be a great conference with a lot of talks. It’s the first con I’ll be able to attend. The tickets are a little expensive and I was unsure about going since this would be my first conference… Not to mention I’m still trying to get through college and I’m tight on money. So of course, I’m volunteering! I’ll be working my butt off to get you the best Con possible while making all the connections I can.
Tag: Slack
December 1, 2016
Setting up Slack for MiSec
Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation.
Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.
Tag: OverTheWire
May 19, 2016
OverTheWire: Leviathan
Hello everyone, thanks for looking at my last post about OverTheWire: Bandit. Since my traffic is about x10 my average consistently for the last four days, I wanted to write a follow up post about the next wargame offered by OverTheWire, Leviathan.
All over the exercises, they say to not post walkthroughs or writeups, so I won’t. I will do my best to promote the project without giving away the important stuff.
May 15, 2016
OverTheWire: Bandit
Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” programs I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself.
Why you should try Bandit
Do you work with Linux, bash shells, scripts, or ever have to deal with the command line?
Tag: OWASP
December 7, 2015
Exploiting BWA (Broken Web App)
Two posts ago, I wrote a quick post about installing OWASP’s Broken Web App. This post will be about exploiting the BWA and by that I mean I’m sharing my experience following existing proof of concepts and walkthroughs. For example, reported vulnerabilities from sourceforge and video walkthroughs on irongeek.com. This post assumes you have the OWASP BWA virtual machine up and running and that your target VM’s IP address is mapped to owaspbwa.
November 25, 2015
Installing BWA (Broken Web App)
OWASP Broken Web App (BWA) is a safe place to practice some fun stuff and is basically a collection of applications to test everything security related. OWASP has a few projects like Web Goat, Security Shepherd, and more. Broken Web Apps is a collection of these guides and some outdated apps to test your developing skills.
Install All The Things!
In order to set things up, it’s important to have everything you need installed.
February 27, 2015
Step 5: Practice, Practice, Practice
Ok, let’s review: we know our basics. We know how to use a computer, we know how to write code, we know what Unix systems like Linux are, and we know how to use Unix tools like those provided in Kali.
Wait, I still can’t get into my friend’s Facebook account, what are we really learning anyways? Well, giant corporations like Google or Facebook are hard to hack, especially for people new to hacking like us.
Tag: 2FA
September 16, 2015
Duo Security's 2FA
I hope you’ve been enjoying my posts. I know that writing these posts has been a good outlet for all I have learned over the last few years. This website is hosted on a VM, but it’s still a server that’s vulnerable to your everyday hacks. For instance, every day someone pings my server, finds the SSH port and attempts to brute force into it. Now while there’s nothing here for them to steal, there’s still 20GB of free internet storage for whatever they want and the only thing stopping that brute force attack is that they can’t guess my password.