I just passed my OSEP exam! I really enjoyed this course. A lot of good content about AV evasion & AD exploitation and good challenge labs to practice on (plan some time for these, they take a while to finish). OSED next 🙂 #offsec @offsectraining
I just passed my AWAE exam and obtained the OSWE certification! That was a fun challenge - I can recommend the course to anyone interested in finding vulnerabilities in web applications through code review & debugging. #offsec @offsectraining
Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay DC authentication to ADCS?
Don't worry, MS-DFSNM has your back ;)
I just received a lovely email from @YouTube that one of my @hackthebox_eu walkthroughs violates the "harmful and dangerous policy". Put some effort into writing an appeal, which got rejected in under a minute after sending it. Nice. Does anyone have experience dealing with this?
Reported an LPE on the Linux version of PaperCut NG about 6 months ago. Still doesn't seem to be fixed in the current version (23.0.3). Here are the details:
Proper retired today on HackTheBox. @ATeamJKR and I had a lot of fun creating this box and watching the community solve it. It has SQLi, RFI, TOC/TOU, Golang reversing & an arbitrary file write as SYSTEM. Here is my writeup & video of the box:
This is somewhat similar for domain-joined Ubuntu machines - if you can create the AD group "admin" and use_fully_qualified_names is set to false in sssd.conf, you will be able to sudo to root due to the default "%admin ALL=(ALL) ALL" sudoers entry.
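As an added defensive check (not code from the original post), the following Python audit parses a constructed sssd.conf and sudoers file and flags unqualified `%group` rules that an AD group carrying the same short name could satisfy when use_fully_qualified_names is false. The sample configuration is constructed for illustration and does not come from any real host.

```python
import re

# Constructed sample sssd.conf: one AD domain with short names enabled.
SSSD_CONF = """[sssd]
domains = corp.example
services = nss, pam

[domain/corp.example]
id_provider = ad
use_fully_qualified_names = false
"""

# Constructed sample sudoers: two unqualified group rules plus one that
# is domain-qualified (DOMAIN\\group) and therefore not shadowable.
SUDOERS = r"""root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%CORP\\domain^admins ALL=(ALL) ALL
"""


def sssd_short_names_enabled(conf: str) -> dict:
    """Return {domain: True} when unqualified (short) names resolve.
    sssd.conf(5) documents use_fully_qualified_names as false by default."""
    result, section = {}, None
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r"^\[domain/(.+)\]$", line)
        if m:
            section = m.group(1)
            result.setdefault(section, True)  # default: short names allowed
            continue
        if line.startswith("["):
            section = None  # left the [domain/...] section
            continue
        if section and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "use_fully_qualified_names":
                result[section] = val.strip().lower() not in ("true", "yes", "1")
    return result


def sudoers_group_entries(sudoers: str) -> list:
    """Group names (without the leading '%') that carry a sudoers rule."""
    return [l.split()[0][1:] for l in map(str.strip, sudoers.splitlines())
            if l.startswith("%")]


def risky_groups(conf: str, sudoers: str) -> list:
    """Unqualified sudoers groups an AD group of the same name could match."""
    if not any(sssd_short_names_enabled(conf).values()):
        return []
    return [g for g in sudoers_group_entries(sudoers)
            if "\\" not in g and "@" not in g]
```

Compare the returned names against /etc/group on the host: a name with no local group is the one an AD-created group of that name would fill.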
In today's WTF?!?!? moment: when an ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights.
So.... anyone who can create & manage a group in AD can get full admin rights to the VMware ESX hypervisors!
Attended was a pretty tricky OpenBSD machine on #HackTheBox. We get RCE via Vim, write a simple HTTP reverse shell and exploit a custom OpenBSD binary for root. Thanks, @ATeamJKR & @macz01590714, for going over the details on this one again with me!
I'm starting a new video series on pentesting the new lab (Wutai). In the first one, we'll start from the perspective of an unauthenticated, external attacker and will mainly focus on enumeration and getting initial access.
Pivotapi by @CyberVaca_ & @3v4Si0N was a really enjoyable Windows machine on #hackthebox. It involved a lot of small steps, including various Active Directory attacks & some light reverse engineering. At the end, I'm showing 2 unintended paths.
@RedTeamTactics @hackthebox_eu We do custom hiring challenges via @vulnlab_eu (for red teaming: small realistic environments with a couple of machines). Since those are private there are no writeups :)
My video on Cereal by @micahvandeusen on #HackTheBox is up. One of my favorite boxes: code review, XSS & deserialization, followed by a local SSRF & SeImpersonate.
New box by @ATeamJKR and me - I hope you enjoy this one! We certainly had fun building it. Although not being able to compete on a new box is a bit annoying for me ;)
And it happened again: another one of my videos got removed, and the appeal got rejected seconds after hitting send (must be automated?). @TeamYouTube can you help? This is the third time now in just a few weeks.
🚨 New advisory is now out! 🚨
A vulnerability in the MTS driver allows local users to write arbitrary data to sensitive areas of the kernel's memory, which can be exploited to gain elevated privileges:
Too many people fall into the traps of gamification or certification, focusing on the wrong objectives.
Your goal should be to learn, not to be at the top of the leaderboard or merely to pass an exam.
[1/2]
@sh3llvik @hackthebox_eu This almost never works, but if it does it's great fun :) The only other case I can remember is the "Armageddon" box shortly after Drupalgeddon2.
@thecybermentor I have a small YouTube channel with weekly videos on retiring HackTheBox machines. For the future, I was thinking about adding content for other platforms too.
New machine "Dump" is going live today! Thank you @ATeamJKR for creating this machine for Vulnlab! This is already the second jkr box on the platform 🍾
@0xdf_ @hackthebox_eu Thanks for the great write-up and box! Another way to SYSTEM is to use CVE-2019-1315 (which I think was published after the box was released).
📢 📢 #RomHack2023 conference agenda is online 📢 📢
We are happy to announce this year's incredible lineup.
Ticket sales will start on Monday, 3 July.
Check the thread #pleaseRT ⬇️ ⬇️ ⬇️
Just got back from #44CON - amazing conference! Particularly enjoyed the SAP security training by @jsantarsieri and the heap exploitation workshop by Max Kamper.
@martinbydefault @offsectraining Thanks! I think 30 days are enough to work through the course, and you could host the vulnerable applications yourself if you run out of lab time.
@NETKLB @ATeamJKR It's an intentionally vulnerable system that will be released on @hackthebox_eu this week, allowing people to practice their hacking skills ;)