In the world of software development, we often meet different technologies. Today, I’m excited to share a tool that connects traditional virtual machines and modern containers: the OVA to Docker Converter.
Tryhackme Breaching Active Directory Walkthrough
Walkthrough of Breaching Active Directory on TryHackMe coving topics of Rough LDAP Servers to capture Credentials, Authentication Relays using Responder and Recovering image passwords within PXE Boot Images from Microsoft Deployment Toolkit.
Spring4shell: Cve 2022 22965
Using remote command execution on vulnerable Java Spring framework which affect a component of framework called “Spring Cloud Functions”. The secondary portion of vulerability affects “Spring Core” which leans on the (Log4Shell) and is named “Spring4Shell”.
Tryhackme Wreath Walkthrough
Pivoted through a network and compromising a public facing web machine and proceeding to tunnel traffic to access other machines in Wreath’s network. Focus on full scope penetration test incorporating the Empire C2 Framework.
Brim Packet Analysis Suspected Malware Compromise
Using Suricata and Zeek data within BRIM to analyze a suspected malware compromise to a device on the network with no initial information to go off. Discovering the compromised machine along with the attacker’s devices within data streams. Deep dive into packet analyses.
Cryptography Padding Oracle Attacks
Stepping through understanding padding on block cipher algorithms AES, 3DES in Electronic Code Block (ECB and Cipher Block Chaining (CBC) modes. Decryption of session cookie is of a vulnerable webapps via Oracle Attack.
Flaws2.cloud Walkthrough
Continuing Cloud Pentesting the second version of flaws included tactics for engaging AWS cloud infrastructure. Identify AWS Services, Container Environment Variables and accessing Metadata Services.
Flaws.cloud Walkthrough
Cloud pentesting using the AWS platform and flaws web series to work through insecure S3 Buckets, Authentication, Metadata Services and accessing EC2 Instances.
Tryhackme Solar Exploiting Log4j
With CVE-2021-44228 vulerability (Log4Shell) posing a major threat to Java applications hosted on the internet with a CVSS score of 10.0 critical designation. Remote code execution can be accomplished by taking advantage of a Java Naming and Directory Interface (JNDI) within Log4j logging packages. Solar provides a test scenairo for exploitation of vulnerability.
Targeting Oscp A Journey Into The Void
Journey and review of accomplishing the Offensive Security Certified Professional Exam (OSCP). Documenting the ups and downs creating an attack plan and colminating in achievement.