mRr3b00ts Pentest Plus Study Notebook

I created a PDF notebook a while ago when I decided on a whim to to the Pentest+. I have quite a few people ask me about getting into cyber security and well, you know when I was younger this stuff was just called IT mainly (IT + Infosec) so I thought let’s go test out the Pentest+. I did the course and exam in a week (whilst writing the notebook) (don’t think that’s a good idea but my objectives were more to make sure if I think it’s any good or not). Pleased to say I thought the course was good (I used pluralsight at 1.x speed) and the exam was fun (for an exam).

Hopefully this helps people explore the some of the world of offensive security and appsec. Read more “mRr3b00ts Pentest Plus Study Notebook” →

CTF

Abusing AdminSDHolder to enable a Domain Backdoor

If we have high privilege access to a domain, we will likely want to establish persistence with high privilege access. One mechanism to do this is to assign ourselves permissions to the adminSDHolder object in active directory:

Here we have the default adminSDHolder permissions. We are going to add our user “low” in here with modify or full control permissions: Read more “Abusing AdminSDHolder to enable a Domain Backdoor” →

CTF

How to Identify Hashes

Some hashes are obvious but even then, it’s a good job to check. There are a few ways to check a hash outside of manual validation.

Using the Hashcat example list:

https://hashcat.net/wiki/doku.php?id=example_hashes

Using hash-identifier:

https://github.com/blackploit/hash-identifier

Using cyberchef Analyse hash:

https://gchq.github.io/CyberChef/#recipe=Analyse_hash()

Using hash-id:

https://github.com/psypanda/hashID

Using HashTag:

https://github.com/SmeegeSec/HashTag

As you can see there are range of tools available to you, and remember if you want to keep the hashes to yourself you can download Cyberchef and run it locally!

Guides

Cracking an SSH key with John the Ripper (JTR)

This is a super-fast blog to show how to crack sshkeys with JohnTheRipper from Kali VM.

Create a key

Defense

Penetration Testing

Overview

Penetration testing is the activity of conducting security testing with the aim of identifying and exploiting vulnerabilities to identify strengths and weaknesses. I include strengths because I believe it’s important for security testing to promote both positive and negative findings. I also think that there is a huge mis conception with what penetration is, what it helps with and how to best get value from a penetration test.

My definition isn’t too far from the NCSC one: https://www.ncsc.gov.uk/information/check-penetration-testing

A penetration test is a security assurance activity, but it’s one of many activities that I recommend people conduct. This is however largely only adopted by the few, for many a penetration test is a compliance tick box, either from a regulatory or contractual requirement.

When looking at a system a penetration test is not usually the most efficient starting point, especially if it’s from a black box perspective. Read more “Penetration Testing” →