š š SANS 2022 Holiday Hack Challenge (HHC) - KringleCon 5
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2022, I successfully c...
Browse
- CTF 26
- HTB 19
- HHC 5
- RE 2
- Analysis 2
- Defcon 1
- OSCP 1
- Pentest 1
- Tutorial 1
- JavaRAT 1
- STRRAT 1
- Adwind 1
- Java 1
- Strigoi 1
- Cheatsheet 1
- DFIR 1
- Redline 1
- Credential 1
- Harvest 1
- RAT 1
- Random 1
- Miscellaneous 1
CTF
š š SANS 2021 Holiday Hack Challenge (HHC) - KringleCon 4
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2021, I successfully c...
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book āPractical Malware Analysisā by Michael Sikorski and Andrew Honig, whi...
š š SANS 2020 Holiday Hack Challenge (HHC) - KringleCon 3
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2020, I successfully c...
2019 Defcon DFIR CTF Write-up
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Hack The Box - Querier
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Hack The Box - Bastion
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Hack The Box - Netmon
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
š š SANS 2018 Holiday Hack Challenge (HHC) - Kringlecon
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In January 2019, I successfully co...
Hack The Box - Irked
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
š š SANS 2019 Holiday Hack Challenge (HHC) - KringleCon 2
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2019, I successfully c...
Hack The Box - Ypuffy
This machine was quite interesting, and contained a privilege escalation method Iād not seen mentioned elsewhere. Luckily this was confined to the challenge,...
Hack The Box - Waldo
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
Hack The Box - Zipper
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Hack The Box - Carrier
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldnāt typica...
Hack The Box - Curling
This machine had some CTF elements to it, but overall wasnāt that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Hack The Box - Help
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
Hack The Box - Active
This machine was fairly straight forward and mimicked something youād unfortunately expect to see even today in a typical penetration test. All in all itās a...
Hack The Box - Access
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Hack The Box - Jerry
Jerry would have to be one of the easiest machines Iāve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Hack The Box - Dev0ops
Dev0ops highlighted issues with weakly configured XML parsers which lead to an XXE vulnerability, and developer error which lead to SSH keys in commit revisi...
Hack The Box - Solidstate
This machine contained a fairly straightforward SMTP vulnerability which didnāt even need to be exploited to fully compromise the machine. It is an essential...
Hack The Box - Chatterbox
Chatterbox was a reasonably simple machine which required exploiting a vulnerable āAchatā service with custom shellcode, and then migrating to a more stable ...
Hack The Box - Jeeves
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Hack The Box - Bashed
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Hack The Box - Blue
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
HTB
Hack The Box - Querier
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Hack The Box - Bastion
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Hack The Box - Netmon
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
Hack The Box - Irked
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
Hack The Box - Ypuffy
This machine was quite interesting, and contained a privilege escalation method Iād not seen mentioned elsewhere. Luckily this was confined to the challenge,...
Hack The Box - Waldo
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
Hack The Box - Zipper
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Hack The Box - Carrier
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldnāt typica...
Hack The Box - Curling
This machine had some CTF elements to it, but overall wasnāt that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Hack The Box - Help
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
Hack The Box - Active
This machine was fairly straight forward and mimicked something youād unfortunately expect to see even today in a typical penetration test. All in all itās a...
Hack The Box - Access
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Hack The Box - Jerry
Jerry would have to be one of the easiest machines Iāve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Hack The Box - Dev0ops
Dev0ops highlighted issues with weakly configured XML parsers which lead to an XXE vulnerability, and developer error which lead to SSH keys in commit revisi...
Hack The Box - Solidstate
This machine contained a fairly straightforward SMTP vulnerability which didnāt even need to be exploited to fully compromise the machine. It is an essential...
Hack The Box - Chatterbox
Chatterbox was a reasonably simple machine which required exploiting a vulnerable āAchatā service with custom shellcode, and then migrating to a more stable ...
Hack The Box - Jeeves
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Hack The Box - Bashed
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Hack The Box - Blue
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
HHC
š š SANS 2022 Holiday Hack Challenge (HHC) - KringleCon 5
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2022, I successfully c...
š š SANS 2021 Holiday Hack Challenge (HHC) - KringleCon 4
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2021, I successfully c...
š š SANS 2020 Holiday Hack Challenge (HHC) - KringleCon 3
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2020, I successfully c...
š š SANS 2018 Holiday Hack Challenge (HHC) - Kringlecon
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In January 2019, I successfully co...
š š SANS 2019 Holiday Hack Challenge (HHC) - KringleCon 2
Every year the SANS Institute and the Counter Hack Team hosts a āHoliday Hack Challengeā also commonly referred to as HHC. In December 2019, I successfully c...
RE
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Analysis
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Defcon
2019 Defcon DFIR CTF Write-up
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
OSCP
OSCP and Penetration Testing
Cyber Security resources for OSCP and penetration testing.
Pentest
OSCP and Penetration Testing
Cyber Security resources for OSCP and penetration testing.
Tutorial
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book āPractical Malware Analysisā by Michael Sikorski and Andrew Honig, whi...
JavaRAT
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
STRRAT
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Adwind
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Java
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Strigoi
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Cheatsheet
Digital Forensics and Incident Response
Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.
DFIR
Digital Forensics and Incident Response
Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.
Redline
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
Credential
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
Harvest
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
RAT
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
Random
Nuggets of Knowledge
Place to capture random social media posts which Iāve made, and capture various pieces of shared knowledge which proved popular.
Miscellaneous
Nuggets of Knowledge
Place to capture random social media posts which Iāve made, and capture various pieces of shared knowledge which proved popular.