Certifications, Learning Material, Reviews, Training Labs

My OSCP Journey^Featured

Introduction

The Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.

It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.

February 22, 2021 | by Stefano Lanaro | 7 Comments

Learning Material, Reviews

Best Udemy Cyber Security and Pentesting Courses

Introduction

Udemy is a platform that allows instructors to build online courses on their preferred topics. Students can purchase courses knowing they have been developed by professionals in a given field which award a certificate upon completion. There are a lot of valid courses on Udemy that teach various IT skills such as programming, networking, cyber security and much more.

If you are looking to start a career in cyber security or more specifically penetration testing, Udemy can be a great place to start.

February 15, 2021 | by Stefano Lanaro | 2 Comments

Buffer Overflow, Guides, Stack Buffer Overflow

Complete Guide to Stack Buffer Overflow (OSCP Preparation)

Introduction

Stack buffer overflow is a memory corruption vulnerability that occurs when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer, therefore overflowing to a memory address that is outside of the intended data structure.

This will often cause the program to crash, and if certain conditions are met, it could allow an attacker to gain remote control of the machine with privileges as high as the user running the program, by redirecting the flow execution of the application to malicious code.

The purpose of this guide is to teach the basics of stack buffer overflow, especially for students preparing for the OSCP certification exam.

February 10, 2021 | by Stefano Lanaro | 12 Comments

Reviews, Training Labs

TryHackMe – Offensive Pentesting Learning Path Review

Introduction

Offensive Pentesting is one of the learning paths available on the TryHackMe platform. It is primarily designed for students preparing for the Offensive Security Certified Professional certification exam.

It contains both rooms that step the students through the various exploitation steps as well as rooms that aim to simulate a black box penetration test.

February 5, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Token Impersonation

Introduction

Token impersonation is a technique through which a Windows local administrator could steal another user’s security token in order to impersonate and effectively execute commands as that user.

That are certain privileges in Windows that, if enabled, could lead to an attacker escalating privileges to SYSTEM, through various tools that have been designed to specifically exploit this vulnerability.

January 28, 2021 | by Stefano Lanaro | Leave a comment

Certifications, Reviews

eLearnSecurity Junior Penetration Tester Review

Introduction

The eLearnSecurity Junior Penetration Tester (eJPT) penetration testing practical certification provided by eLearnSecurity, a cyber security company that develops cyber security courses that are delivered electronically and that allow students to obtain corresponding certifications.

I decided to sign up for this certification a couple of years before obtaining my OSCP certification as a lot of people recommended this course as a start.

January 24, 2021 | by Stefano Lanaro | Leave a comment

Buffer Overflow, Guides, Stack Buffer Overflow

Stack Buffer Overflow – Vulnserver Guide

Introduction

Vulnserver is a multithreaded Windows based TCP server that listens for client connections on port 9999 and it is primarily used for Stack Buffer Overflow exploitation practice.

I was suggested this great tool when preparing for my OSCP certification exam as I didn’t feel like confident enough when it came to Buffer Overflow.

January 20, 2021 | by Stefano Lanaro | Leave a comment

Buffer Overflow, Guides, Stack Buffer Overflow

Stack Buffer Overflow – dostackbufferoverflowgood Guide

Introduction

I found this great material when preparing for my OSCP certification exam, I had already finished all of the exercises including the Buffer Overflow ones but I wanted to do some more practice as I wanted to be 100% ready on this subject to ensure I was getting the 25 points awarded for this machine.

January 19, 2021 | by Stefano Lanaro | Leave a comment

Checklists, Resources

Windows Privilege Escalation Checklist

Introduction

Privilege escalation is a crucial step in the penetration testing lifecycle, through this checklist I intend to cover all the main vectors used in Windows privilege escalation, and some of my personal notes that I used in previous penetration tests.

January 18, 2021 | by Stefano Lanaro | Leave a comment

Reviews, Training Labs

Offensive Security Proving Grounds (Practice) Review

Introduction

I decided to subscribe to the Proving Grounds platform after failing my first OSCP exam attempt and after completing the virtual hacking labs platform, I was very intrigued by the fact that the machines in this platform were developed by Offensive Security and therefore I was sure the quality of the machines would live up to expectations.

Proving Grounds is a platform that allows you to practice your penetration testing skills in a HTB-like environment, you connect to the lab via OpenVPN and you have a control panel that allows you revert/stop/start machines and submit flags to achieve points and climb the leaderboard.

January 18, 2021 | by Stefano Lanaro | Leave a comment