Tag

Pentesting

Certifications, Learning Material, Reviews, Training Labs

My OSCP JourneyFeatured

Introduction

The Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.

It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.

Read more
February 22, 2021 | by Stefano Lanaro | 7 Comments
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting Misconfigured SSH Keys

Introduction

Secure Shell (SSH) is a cryptographic network protocol which allows users to securely perform a number of network services, such as remote authentication or file transfer, over an unsecured network. SSH keys provide a more secure way of logging into a server through SSH than via a password authentication.

If improperly configured, SSH keys could allow an attacker to authenticate as another user to escalate privilege, potentially even as root.

Read more
February 16, 2021 | by Stefano Lanaro | 4 Comments
Learning Material, Reviews

Best Udemy Cyber Security and Pentesting Courses

Introduction

Udemy is a platform that allows instructors to build online courses on their preferred topics. Students can purchase courses knowing they have been developed by professionals in a given field which award a certificate upon completion. There are a lot of valid courses on Udemy that teach various IT skills such as programming, networking, cyber security and much more.

If you are looking to start a career in cyber security or more specifically penetration testing, Udemy can be a great place to start.

Read more
February 15, 2021 | by Stefano Lanaro | 2 Comments
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting User Groups

Introduction

In Linux, groups are an attribute that can be allocated to users to allow them to access certain files/binaries or perform certain actions in the operating system.

Some groups, when assigned to a given user, can allow them to perform actions that go beyond their usual privileges and potentially escalate privileges to root.

Read more
February 14, 2021 | by Stefano Lanaro | Leave a comment
Buffer Overflow, Guides, Stack Buffer Overflow

Complete Guide to Stack Buffer Overflow (OSCP Preparation)

Introduction

Stack buffer overflow is a memory corruption vulnerability that occurs when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer, therefore overflowing to a memory address that is outside of the intended data structure.

This will often cause the program to crash, and if certain conditions are met, it could allow an attacker to gain remote control of the machine with privileges as high as the user running the program, by redirecting the flow execution of the application to malicious code.

The purpose of this guide is to teach the basics of stack buffer overflow, especially for students preparing for the OSCP certification exam.

Read more
February 10, 2021 | by Stefano Lanaro | 12 Comments
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – SUID Binaries

Introduction

Linux has several access attributes that can allow users or groups to perform certain actions against files, such as execute, modify or view files.

SUID (Set User Identification) and GUID (Set Group Identification) are permissions that allow users to execute a binary or script with the permissions of its owner (SUID) or of its group (GUID).

Some binaries have this permission by default as they require to perform certain actions with elevated privileges, for example the passwd binary needs to run as root in order to change a user’s password, although certain binaries can be exploited to escalate privileges if they have the SUID bit set.

Read more
February 8, 2021 | by Stefano Lanaro | Leave a comment
CTF Walkthroughs, TryHackMe

TryHackMe – Alfred Walkthrough

Introduction

This was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.

It also involved switching from a normal shell to a Meterpreter shell and migrating from a user level process to a SYSTEM level process.

Read more
February 6, 2021 | by Stefano Lanaro | Leave a comment
Cheat Sheets, Resources

Shell File Transfer Cheat Sheet

Introduction

When performing enumeration steps during a penetration test, there is often the need to transfer files to or from the victim machine, for example to run custom scripts or analyze files further in a controlled environment.

There are different techniques and tools that can be used to transfer files and depending on the target operating system and installed software these may or may not work. The purpose of this cheat sheet is to provide an exhaustive resource for transferring files using command-line interfaces.

Read more
February 5, 2021 | by Stefano Lanaro | Leave a comment
Reviews, Training Labs

TryHackMe – Offensive Pentesting Learning Path Review

Introduction

Offensive Pentesting is one of the learning paths available on the TryHackMe platform. It is primarily designed for students preparing for the Offensive Security Certified Professional certification exam.

It contains both rooms that step the students through the various exploitation steps as well as rooms that aim to simulate a black box penetration test.

Read more
February 5, 2021 | by Stefano Lanaro | Leave a comment