Certifications, Learning Material, Reviews, Training Labs

Offensive Security Experienced Penetration Tester (OSEP) Review^Featured

Introduction

The Offensive Security Experienced Penetration Tester is an ethical hacking certification offered by Offensive Security that teaches penetration testing techniques with an emphasis on evading security mechanisms , phishing, and attacking Active Directory environments in order to perform advanced penetration tests against mature organizations with an established security function.

It comes with the Evasion Techniques and Breaching Defenses video and PDF course and it’s one of the major advanced certifications in the penetration testing world. In this article I take the time to talk about my personal experience with this course, the learning material and platforms I used to prepare etc.

January 24, 2023 | by Stefano Lanaro | Leave a comment

Certifications, Learning Material, Reviews, Training Labs

My OSCP Journey^Featured

Introduction

The Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.

It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.

February 22, 2021 | by Stefano Lanaro | 7 Comments

Certifications, Learning Material, Reviews, Training Labs

Certified Red Team Expert (CRTE) Review

Introduction

Certified Red Team Expert (CRTE) is a penetration testing/red teaming certification and course provided by Altered Security, which is known in the industry for providing great courses and bootcamps.

In this review, I take the time to talk about my experience with this certification, the pros, and cons of enrolling in the course, my thoughts after taking and passing the exam, and a few tips and tricks.

April 16, 2024 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, TryHackMe

TryHackMe – Nax Walkthrough

Introduction

This was an intermediate Linux machine that required to identify a set of credentials hidden within an image file using the Piet programming language and exploiting a known remote code execution vulnerability in Nagios XI to escalate privileges to root.

April 8, 2024 | by Stefano Lanaro | Leave a comment

Certifications, Learning Material, Reviews, Training Labs

Certified Azure Red Team Professional (CARTP) Review

Introduction

The Certified Azure Red Team Professional is a penetration testing/red teaming certification and course provided by Altered Security, which is known in the industry for providing great courses and bootcamps.

In this review, I take the time to talk about my experience with this certification, the pros, and cons of enrolling in the course, my thoughts after taking and passing the exam, and a few tips and tricks.

December 23, 2023 | by Stefano Lanaro | Leave a comment

Guides, Web

A Complete Guide to Hacking GraphQL

Introduction

I decided to make this guide due to the lack of material on this topic and my own struggles with GraphQL. Its purpose is to provide pentesters with the necessary tools to perform tests against GraphQL implementations. I encourage you to do further research and practice on your own with the references provided at the end.

September 17, 2023 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, TryHackMe

TryHackMe – DogCat Walkthrough

Introduction

This was an intermediate Linux machine that involved capturing four flags by exploiting local file inclusion (through Apache log poisoning), the env binary with Sudo permissions enabled and a misconfigured cron job which allowed to escape the Docker container and access the underlying system.

February 26, 2022 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, TryHackMe

TryHackMe – The Marketplace Walkthrough

Introduction

This was an intermediate Linux machine that involved exploiting a stored cross-site scripting and SQL injection vulnerability to gain initial access and misconfigured sudo rules to escalate privileges to Root.

January 27, 2022 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, VulnHub

VulnHub – Zico 2 Walkthrough

Introduction

This was an easy Linux machine that involved chaining a path traversal and PHP remote code execution vulnerability affecting two web applications to gain initial access, and the Zip/Tar binaries with Sudo permissions enabled to escalate privileges to root.

December 1, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, Hack The Box

Hack The Box – Bashed Walkthrough

Introduction

This was an easy Linux machine that involved exploiting a PHP bash shell to gain initial access, misconfigured Sudo rules to escalate to the “scriptmanager” user and a cron job to escalate to root.

November 8, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, Hack The Box

Hack The Box – Dynstr Walkthrough

Introduction

This was an intermediate Linux machine that required to exploit a remote code execution vulnerability in the DYN application and to exploit a vulnerable Bash script to escalate privileges to Root.

November 1, 2021 | by Stefano Lanaro | Leave a comment