In this video, we cover common Active Directory attacks, including GPP/cPasswords and Kerberoasting against Hack the Box’s Active. We also cover basic buffer overflows with Vulnserver. We conclude with career Q&A. If you enjoy this video, please follow me on Twitch (https://www.twitch.tv/thecybermentor) for future lessons! Wanna chat? Add me on Twitter, YouTube or LinkedIn!Veteran? Join
In this video, we cover vulnerable machines from a penetration tester’s perspective. Instead of just capturing the flag, we cover what vulnerabilities potentially exist and would be noted on a penetration testing report. We conclude with career Q&A. If you enjoy this video, please follow me on Twitch (https://www.twitch.tv/thecybermentor) for future lessons! Wanna chat? Add
Introduction Around a month ago, I was looking for my next “hacking” certification. Up to this point, I’ve achieved the CEH, OSCP, OSWP, and Pentest+ (beta), in that order. I was specifically looking for web application, reverse engineering, and advanced penetration testing certifications that were relatively up to date as I felt that I needed
Introduction: This week’s retiring machine is Bounty, which is a beginner-friendly box that can still teach a few new tricks. Bounty is rated 4.8/10, which I feel is pretty appropriate given the overall ease of the machine. In this walkthrough, we’ll do a little bit of dirbusting, learn a nifty trick to gain remote code
Introduction: This week’s retiring machine is TartarSauce, which is full of rabbit holes deep enough to get stuck in. With a rating of 6.2/10, it’s not the most difficult of machines out there, but it definitely felt a little more complex to me than a 30 point box. Either way, we get to experience another
For the last week, VetSec competed in the Hacktober.org CTF event, which consisted of challenges in forensics, steganography, programming, offensive tactics, web application, reverse engineering, cryptography, and more. I am happy to announce that WE WON! Our team consisted of the following members: Elliot Chernofsky (@emtuls) Reuben Booker (@reubadoob) Rob Fuller (@mubix) Myself (@hmaverickadams) The
Introduction: This week’s retiring box is DevOops. Coming in at a difficulty rating of 4.3/10, it’s not an incredibly hard machine to root, but it does teach some valuable lessons in web application penetration testing and basic Linux privesc enumeration. Let’s take a look at what a simple “oops” can mean for the bad guy.
Introduction This week’s retired box is Fighter, which brought a lot of pain into my life. Having just started my HTB journey over the past couple of weeks, I have challenged myself to complete the retiring box, at a minimum, so that I can continue to post write-ups. Fighter caused me hours of lost sleep.
Introduction: With Sunday’s retirement today, I finally get to write my first Hack The Box write-up. I cannot tell you how exciting that is, but Borat can: Sunday was a bit on the easier side, but in the end, taught me a new tricks I had never seen before. The box reminded me of my
How to: This portion of the article focuses on how to set up your Raspberry Pi and Android phone with the appropriate tools. Once you have set everything up, feel free to watch the video for a live demonstration. Equipment used: -Raspberry Pi 3 with Kali installed (Amazon link) -Android (Samsung Galaxy 8S) -ALFA AWUS036NH