Continuing Cloud Pentesting the second version of flaws included tactics for engaging AWS cloud infrastructure. Identify AWS Services, Container Environment Variables and accessing Metadata Services.
Cloud pentesting using the AWS platform and flaws web series to work through insecure S3 Buckets, Authentication, Metadata Services and accessing EC2 Instances.
With CVE-2021-44228 vulerability (Log4Shell) posing a major threat to Java applications hosted on the internet with a CVSS score of 10.0 critical designation. Remote code execution can be accomplished by taking advantage of a Java Naming and Directory Interface (JNDI) within Log4j logging packages. Solar provides a test scenairo for exploitation of vulnerability.
Journey and review of accomplishing the Offensive Security Certified Professional Exam (OSCP). Documenting the ups and downs creating an attack plan and colminating in achievement.
Bypass AppLocker whitelisting and capture Kerberos tickets to escalate attack. Technical walkthrough of completing Corp Room on the TryHackMe platform.
Local File Inclusion vulnerabilieis entail when a user inputs contains a file path which results in retrieval of unintended system files via a web service.
Exploited Jenkins gained an initial shell, then escalated privileges by exploiting Windows authentication tokens. Deployment of meterpreter with web_delivery.
Post enumeration of lab with credentials/hashes captured. Overview of PowerView and Bloodhound setup/usage.
Tutorial on hacking wireless access points to include capture handshakes and crackings .cap files.
Detailed overview of the OWASP Top 10 utilizing OWASP Juiceshop VM to cover application vulnerabilities.