computers Cobalt Strike C2 Profiles - HTTP Cobalt Strike does provide documentation on creating and editing C2 profiles but the documentation is limited and not clear in places. This is an attempt to clarify some of the areas that confused me initially. Context This specifically focuses on the HTTP GET and HTTP POST definitions; C2 Profiles control
computers Hack The Box: Keeper Enumeration As always, start off with an NMAP Scan Just 80 and 22 open today. We will start by enumerating the web app. To make some of this work easier, I am going to add keeper.htb and tickets.keeper.htb to my hosts file. Navigating to the linked site
computers Hack The Box: Irked Irked: Retired If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Enumeration My initial enumeration returned a handful of
computers SANS Holiday Hack 2018 I have to be honest, life is just too busy this year for me to actually write a full report in the context of the story. Suffice it to say, I really enjoyed this year's challenge, much better than last year in terms of not having to actually
computers Hack The Box: Jerry Jerry: Retired 17 November 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. This box was almost too
computers Hack The Box: DevOops DevOops: Retired 13 October 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Been a while since I
computers theHarvester For Open Source Recon I was using theHarvester the other day and had to do a little extra work to get the data I wanted out of the results. There are plenty of posts out there about how excatly to use theHarvester so I am not covering that. The current version from theHarvester GitHub
computers Timestamp Keyboard Shortcut In gedit I do not know why this was such a hard problem to find a solution to given that the solution I arrived at was extremely simple. On multiple teams I work with, we have a need to take timestamped notes of our actions. Often we are operating on locked down
computers Hack The Box - Bashed Bashed: Retired 28 April 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Bashed was one of the
computers SANS SEC660 - Advanced Penetration Testing, Exploit Writing, and Ethical Hacking UPDATE: I took my exam and PASSED! I felt that the actual exam was a bit harder than the practice tests but I also get my best score out of the three. The material covered in class is great but you really have to have read the text in the
computers Hack The Box - Sense Sense: Retired 24 March 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Sense was an easier box
computers Hack The Box - Mirai Mirai: Retired 10 Feb 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Mirai was certainly one of
computers Hack The Box - Solidstate SolidState: Retired 27 Jan 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Solidstate was extremely similar to
sans SANS Holiday Hack 2017 - Wintered This year's Holiday Hack did not disappoint. Using vulnerabilities and attacks that dominated the headlines this year made the event even more fun.
computers Metasploitable3 CTF Rapid7 just wrapped up the second of their Metsploitable3 CTFs, this time for the Linux version of the intentionally vulnerable OS that both beginner and advanced hackers can hone their skills on. They only allowed 500 participants/teams worldwide. I had a lot of free time the week of the
computers Hack The Box - Blocky Blocky: Retired 9 Dec 2017 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Blocky has been the easiest
computers Hack The Box: Europa Europa: Retired 2 Dec 2017 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu to get started Enumeration Using Sparta, I ran a staged NMAP
computers Hack The Box: Apocalyst Apocalyst: Retired 25 Nov 2017 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu to get started. Enumeration Using Sparta, I ran a staged NMAP
computers Air Force Training: Guided Research Assignment As part of my next round of Air Force Training's Advanced Distance Learning I had to chose a tool from a list and do a short research assignment on the tool. I chose Burp Suite. Here is what I wrote...seemed like a good idea of post something
computers SANS SEC642 - Advanced Web App Penetration Testing I was just lucky enough for work to send me to a SANS course in Vegas (at Caesar's no less, where Caesar lives) because a member of our team had previously booked the course and then left the company. SANS has a great refund policy and would have
OSCP Try Harder - The Journey To My OSCP I tried harder and the effort paid off, I am now officially an Offensive Security Certified Professional (OSCP) The journey was arduous but well worth it and I learned a TON! Pre-Registration I am lucky enough to work with one OSCP and another friend who was gonig through the labs