executeatwill
executeatwill

Penetration Analysis & Security Research


  • Home

  • Archives

  • Tags

Spring4shell: Cve 2022 22965

Posted on 2022-04-07

Using remote command execution on vulnerable Java Spring framework which affect a component of framework called “Spring Cloud Functions”. The secondary portion of vulerability affects “Spring Core” which leans on the (Log4Shell) and is named “Spring4Shell”.

Read more »

Tryhackme Wreath Walkthrough

Posted on 2022-04-04

Pivoted through a network and compromising a public facing web machine and proceeding to tunnel traffic to access other machines in Wreath’s network. Focus on full scope penetration test incorporating the Empire C2 Framework.

Read more »

Brim Packet Analysis Suspected Malware Compromise

Posted on 2022-04-01

Using Suricata and Zeek data within BRIM to analyze a suspected malware compromise to a device on the network with no initial information to go off. Discovering the compromised machine along with the attacker’s devices within data streams. Deep dive into packet analyses.

Read more »

Cryptography Padding Oracle Attacks

Posted on 2022-01-28

Stepping through understanding padding on block cipher algorithms AES, 3DES in Electronic Code Block (ECB and Cipher Block Chaining (CBC) modes. Decryption of session cookie is of a vulnerable webapps via Oracle Attack.

Read more »

Flaws2.cloud Walkthrough

Posted on 2022-01-20

Continuing Cloud Pentesting the second version of flaws included tactics for engaging AWS cloud infrastructure. Identify AWS Services, Container Environment Variables and accessing Metadata Services.

Read more »

Flaws.cloud Walkthrough

Posted on 2022-01-17

Cloud pentesting using the AWS platform and flaws web series to work through insecure S3 Buckets, Authentication, Metadata Services and accessing EC2 Instances.

Read more »

Tryhackme Solar Exploiting Log4j

Posted on 2021-12-22

With CVE-2021-44228 vulerability (Log4Shell) posing a major threat to Java applications hosted on the internet with a CVSS score of 10.0 critical designation. Remote code execution can be accomplished by taking advantage of a Java Naming and Directory Interface (JNDI) within Log4j logging packages. Solar provides a test scenairo for exploitation of vulnerability.

Read more »

Targeting Oscp A Journey Into The Void

Posted on 2020-10-17

Journey and review of accomplishing the Offensive Security Certified Professional Exam (OSCP). Documenting the ups and downs creating an attack plan and colminating in achievement.

Read more »

Tryhackme Corp Walkthrough

Posted on 2020-04-20

Bypass AppLocker whitelisting and capture Kerberos tickets to escalate attack. Technical walkthrough of completing Corp Room on the TryHackMe platform.

Read more »

Tryhackme Lfi Walkthrough

Posted on 2020-04-18

Local File Inclusion vulnerabilieis entail when a user inputs contains a file path which results in retrieval of unintended system files via a web service.

Read more »
1 2 … 5
Will M.

Will M.

Pentester - Cybersecurity Fighter Pilot

44 posts
GitHub Twitter
© 2022 Will M.
Powered by Jekyll
Theme - NexT.Muse