So You Want To Be a Pentester?

It goes without saying that being a Professional Penetration Tester is one of the “sexier” jobs in InfoSec. I mean, let’s be honest here - who wouldn’t want ...

Reverse Engineering Network Protocols

In the past few weeks I finally found time to dig into my library and read some of the books that I’ve been meaning to read since like last year. One of the ...

Pentestit Lab v11 - ClamAV Token (9/12)

In my previous post “Pentestit Lab v11 - Cloud Token (8/12)”, we utilized tcpdump for Network Reconnaissance on the compromised 192.168.10.1 machine, accesse...

Pentestit Lab v11 - Cloud Token (8/12)

In my previous post “Pentestit Lab v11 - Connect Token (7/12)”, we footprinted the 192.168.11.1 subnet, exploited a Command Injection Vulnerability, carried ...

Pentestit Lab v11 - Connect Token (7/12)

In my previous lab “Pentestit Lab v11 - Director Token (6/12)”, we footprinted the DIR Subnet using a comprised SSH Key for the 172.16.0.252 Router in the Ma...

Pentestit Lab v11 - CUPS Token (5/12)

In my previous post “Pentestit Lab v11 - AD Token (4/12)”, we footprinted the AD server, utilized Pass the Hash by using our newly found hash for SMB Authetn...

Pentestit Lab v11 - AD Token (4/12)

In my previous post “Pentestit Lab v11 - RDP Token (3/12)”, we footprinted the Office 2 subnet, utilized SSH tunneling to attain RDP access, enumerated and b...

Pentestit Lab v11 - RDP Token (3/12)

In my previous post “Pentestit Lab v11 - Site Token (2/12)”, we found an SSH Login to Office 2 via Intelligence Gathering, brute forced OpenVPN which allowed...

Pentestit Lab v11 - Site Token (2/12)

In my previous post “Pentestit Lab v11 - CRM Token (1/12)”, we found a SQL Injection Vulnerability on the main WordPress site and a Remote Code Execution Vul...

Pentestit Lab v11 - CRM Token (1/12)

In my previous post “Pentestit Lab v11 - Introduction & Network”, we covered the Network, and VPN Connection. Today we will be covering the first steps t...

Pentestit Lab v10 - Cloud Token (13/13)

In my previous post “Pentestit Lab v10 - WIN-DC0 Token (12/13)”, we utilized our VPN access and the WIN-TERM machine to pivot into the WIN-DC0 machine, gathe...

Pentestit Lab v10 - News Token (8/13)

In my previous post “Pentestit Lab v10 - Captcha Token (7/13)”, we pivoted further into the internal network via an SSL Tunnel to access the Captcha Machine,...

Pentestit Lab v10 - Captcha Token (7/13)

In my previous post “Pentestit Lab v10 - Blog Token (6/13)”, we further utilized the gw machine to pivot into the internal network and access the Blog via an...

Pentestit Lab v10 - Blog Token (6/13)

In my previous post “Pentestit Lab v10 - Store Token (5/13)”, we took a step back to map the attack surface of the Store Web Application, utilized the compro...

Pentestit Lab v10 - Store Token (5/13)

In my previous post “Pentestit Lab v10 - SSH-Test Token (4/13)”, we utilized the compromised gw machine to pivot into the internal network, used previously c...

Pentestit Lab v10 - SSH Token (3/13)

In my previous post “Pentestit Lab v10 - Site Token (2/13)”, we mapped the attack surface of the GDS Blog, exploited a SQL Inject while bypassing the WAF fil...

Pentestit Lab v10 - Site Token (2/13)

In my previous post “Pentestit Lab v10 - Mail Token (1/13)”, we attained usernames through Intelligence Gathering, brute forced the SMTP Service, attained lo...

Pentestit Lab v10 - Mail Token (1/13)

In my previous post “Pentestit Lab v10 - Introduction & Network”, we covered the Network, and VPN Connection. Today we will be covering the first steps t...

SANS 2016 Holiday Hack Challenge

Happy Holidays and a Happy New Year 2017 readers! Thanks for joining me today as we go over the SANS 2016 Holiday Hack Challenge! Which honestly, was the mos...

VulnHub - Kioptrix 1

“Try Harder”… the quote that brings fear and confusion into every PWK participant; all working hard to obtain the prestigious OSCP Certificate.

VulnHub ‘Mr.Robot 1’ - CTF

When a bug finally makes itself known, it can be exhilarating, like you just unlocked something. A grand opportunity waiting to be taken advantage of. - M...

OverTheWire: ‘Natas’ Solutions 1-10

Web Hacking; one of the most dangerous attack vectors out on the internet in today’s world. Web Hackers have gotten away with millions of user accounts and p...