CTF: Kioptrix 3
This is another OSCP-like VulnHub that was very fun to do. I didn't have any issues rooting this one and was able to do it rather quickly. You will get practice with:
nmap, metasploit, mysql client, file privilege escalation
Enumeration
I start off with an arp-scan to find the local machine... and it turns out that my box is 192.168.0.46. Let's get this...
Docker: Parrot OS Security
In an effort to make Parrot OS Security more portable the creators have been experimenting with Docker. They have successfully ported an enormous amount of functionality into a Parrot OS Security Docker image. This will make running Parrot OS Security anywhere possible. Because this is running in a Linux container the graphical user tools will not...
Offensive .NET: C# Reverse Shell
https://www.youtube.com/watch?v=NqwpwusH6WU
Creating a .NET C# reverse shell that is undetectable is very easy. In this example, I'm going to use BankSecurity's reverse shell that I forked. This is a real basic reverse shell. Some of the more advanced code will be obfuscated and do some sort of process injection which would include shellcode.
I'll show you how...
How to Learn Really Fast!
One of the hallmarks of my personality and best traits is that I'm a life-long-self-learner who has mastered and perfected the art of learning technology really fast. I have a very effective way of learning technologies rather quickly. This article is aimed at people who want to continuously grow within the IT-sphere.
Awareness and Finding "The...
Who to follow in InfoSec
As I'm learning InfoSec to further expand my software development career and delve into DevOps I've found some very knowledgeable people to follow in the industry. These people range from penetration testers to OSINT, malware analysis, and ethical hackers.
Penetration Testers / Hackers
Kody Kinzie
This guy is my #1 go-to for learning. Kody is exceptionally committed to...
CTF: HackDay Albania Bank Walkthrough
This CTF challenge is fun and provides a lot of opportunities to work with SQL injection and writeable file abuse. It is actually not that difficult but provides a lot of opportunity to practice skill sets. I really enjoyed this one.
Tools & Techniques
nmap, dirb, Burp Suite, SQLMap, Reverse Shell, Exploiting a writeable file
Enumeration
Discovering the Banking Website
I would highly recommend you...
Brute Forcing Forms with Hydra
Hydra is more capable than just brute-forcing services; this tool can also brute force web forms.
Dirb/DirBuster not returning anything? Change the user-agent.
Some applications can be programmatically set up to deflect penetration testing. In this example, I was using VulnHub: Node and wasn't getting any responses using Dirb.
Shell Terminal Tricks
Once acquiring a reverse shell you may...
Hardening ASP.NET Response Headers (Code)
A reliable way to harden your ASP.NET web application is to remove and skew the response headers via code. This will throw off automated scans that are performing banner grabbing in an attempt to identify vulnerabilities. There are ways to do this in IIS, however, performing this in code means it's applied everywhere that the...
SSH Tunneling
When you need to access a server/client behind a firewall that doesn't allow port forwarding you can use SSH tunneling to bypass that if an SSH server is running. Pivoting is a sneaky technique that hackers use to access computers, servers, and services behind firewalls. These examples will use OpenSSH. I think most examples don't explain this well...