This is the third iteration of the Hacker Playbook series, it teaches various penetration testing techniques such as web application exploitation, active directory, lateral movement, privilege escalation, and much more. This book helped me greatly when I began my OSCP journey and I could recommend this enough.
Read moreThis was an easy Linux machine that involved exploiting a file upload functionality to gain initial access and a binary with the SETUID bit assigned to escalate privileges to root.
Read moreWindows allows users to set specific applications to automatically start whenever a user authenticates, by placing their executables in a directory designed specifically for startup programs. Although this feature can be very handy, if startup programs are set up with improper permissions it may allow attackers to escalate privileges, as these programs are executed in the context of the user who is logging in at that point in time.
Read moreThis was an intermediate Linux machine that required hijacking a user session by abusing the “kid” JWT token parameter to gain initial access and exploiting a vulnerability in Docker to escape the container and obtain root privileges.
Read moreThis was an intermediate Linux machine that involved exploiting a remote file inclusion in the WordPress plugin to gain initial access and various misconfigurations with the Tar binary to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved deciphering a password encrypted using the Vigenere cipher to gain initial access, exploiting a cron job to escalate to the tweedledum user, cracking user hashes to escalate to the humptydumpty user, accessing a private SSH key on the machine to escalate to the alice user and exploiting a misconfigured Sudo rule to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting the Ghostcat vulnerability affecting Apache Tomcat to gain initial access, cracking the hash of a GPG private key and exploiting the Zip binary with Sudo permissions enabled to escalate privileges to root.
Read moreIMPORTANT: Note that the Certified Red Team Professional (CRTP) course and lab are now offered by Altered Security who are the creators of the course and lab. You can get the course from here – https://www.alteredsecurity.com/adlab
The Certified Red Team Professional is a penetration testing/red teaming certification and course provided by Pentester Academy, which is known in the industry for providing great courses and bootcamps.
In this review, I take the time to talk about my experience with this certification, the pros, and cons of enrolling in the course, my thoughts after taking and passing the exam, and a few tips and tricks.
Read moreThis was a room that taught the basics of PowerShell, how to perform enumeration on Windows with Powershell and the fundamentals of PowerShell scripting.
Read moreThis was a very easy Linux machine that required to exploit the Drupalgeddon2 vulnerability and finding clear-text database credentials in order to gain remote access to the host, and the Snap binary with Sudo permissions enabled to escalate privileges to root.
Read more