I rarely get a chance to play HTB these days 🙁 but today I thought I’d get back on it... then I had a three hour battle with a graphics driver and VMware Workstation, so that basically ruined that idea... but I thought I’d try and remember how to CTF again, and boy do you get slow fast! Well, to try and help people and myself, I’ve started to write down some notes to get my mind back into the CTF world of HTB!
Setup & Scope
Ok this is the setup phase. Let’s grab the details
- Take note of the machine name
  - Remember most boxes are called .htb or .htb.local
  - There’s not an “internet” DNS inside the arena so you need to update hosts files
- Take note of the box author
  - This is useful for OSINT
- Take note of the IP
  - This is your scope
- Take note of the OS version
- Get your digital notebook ready
What is a threat?
According to those clever people at NIST it is:
“Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.” Read more “Threat Modelling 101”
Back in 2019 I started to make some materials to help people with some basic offensive security techniques. I made three episodes of training materials. Well, I’ve decided to re-release these; they haven’t really been changed, but I’ve updated a few graphics on episode 3 and removed a link to Cain and Abel because it’s no longer maintained. I will probably go through these at some point and re-factor them.
I’ve got more documents on Active Directory security. I’ve actually written hundreds of pages on the subject, but the challenge I’ve had is there is just so much to write, so I’ve decided I’m going to chunk it up into small blogs on a specific technique or area. Read more “Hacking 101”
Getting my agent on!
Today we look at a vulnerable web application room based upon the Hitman series!
This is a fun room where we see an old but common vulnerability in untrusted user input lead to sensitive information disclosure (hashed credentials), which results in a threat actor gaining initial access. From here we then discover there is a weak security configuration (ineffective network segmentation) and a vulnerable unpatched service. This chain leads to total system compromise. Read more “Try Hack Me: Part 5 – Game Zone”
Capture all the things!
Capture the Flag (CTF) games seem to be all the rage now! I mean, I’m not complaining, I’ve been using these for years now and I’ve been building games for about a year so I’m super excited they are more popular, but popular != great. Read more “Thinking of building a Capture the Flag game?”
Apt this Apt that!
One thing that I found quite hard to deal with when I started using Linux coming from a Windows background was the package manager. I thought I would run through some basics here to give people a kick start on their journey!
In the Linux world the operating systems have repositories that are maintained; think of this like the Windows Update catalogue (but it includes way more). Here we have all the OS files (packages) and applications (packages). Read more “Basic Package Management in Kali Linux”
‘Red Teaming’ the latest phrase in the cyber security world that brings a shudder down my spine! Now don’t get me wrong, adversary simulation is awesome, it’s a great tool and when wielded correctly brings massive value to enhancing your security posture… but alas, they aren’t always deployed in a business aligned and value driven position.
They sound ‘sexy’ and any pentester is going to jump at the chance to do one, let alone the sales and marketing teams will be grinning as they will come in with higher revenue but also will increase their case study portfolio for delivered red teams! (I’m not knocking this, it’s the reality of doing business).
Having witnessed a number of these take place against organizations who I don’t feel are ready for them, I thought I would write a piece on things I would recommend having in place before conducting a ‘red team’ assessment. Read more “Things to do before you conduct a ‘red team’ assessment”
Covenant is a .NET c2 (Command & Control) Framework that aims to highlight the attack surface of .NET and aid red teamers! Today I’m going to jump into slip space with a Halo themed blog on my first use of Covenant in the lab. Let’s hope I don’t need Cortana to get this deployed (yes I’m a massive Halo nerd!)
First thing let’s head over to GitHub and check out the install notes:
The architecture seems to look like this:
- Covenant is a server (runs in docker)
- Elite is a client for the server for c2 management (https://cobbr.io/Covenant.html)
- Grunt is the agent
Getting back into it!
Following on in the series from my previous post – My OSCP Diary – Week 1 I continue my offensive security professional certification journey!
So, after a break in my training schedule (pro tip, ask Offensive Security (Offsec) to pause your PWK lab time – I didn’t which was stupid) I’m back into the PWK labs!
The first thing I realised after having a ~40 day break was that taking that long a gap isn’t the best idea (but hey, holidays and life have to happen, right!). I got back into the lab and looked at my attack Visio blankly for a bit, realising the task ahead of me had a lot of servers still in it!
I think the first box I decided to hit was pain. As its name says, this box is not easy and is considered an OSCP boss box; it’s painful but quite fun once you have cracked it. Read more “OSCP Week 2”