InfoSec Write-ups - Medium: It’s not just a basic walkthrough but a resource to learn from. Deploy the Vulnerable Machine: At the very beginning of the penetration test, I’d like to start with two scans, which I usually call the basic Nmap scan and the vuln scan. Basic Nmap scan: In the basic scan I usually use the -sC, -sV, and -O switches. Vuln scan: Vuln scan … Continue reading TryHackMe. Breaking Into the Kenobi Machine.
Tag: InfoSec Write-ups – Medium
How response Manipulation got me a little, but sweet Bounty
So it can for you. Hi everyone, I’ve not been writing on Medium for a while (busy months here); however, today I wanted to share with you how response manipulation got me a low severity bug, going hand in hand with a quickly earned bounty. When targeting a Website/Web App (or both :D), … Continue reading How response Manipulation got me a little, but sweet Bounty
Stop scratching the surface, and hack the dependencies
TLDR: How I’ve found four XSS vulnerabilities in Grafana rather than keep scratching the surface while hunting in a private BBP and got rewarded for three criticals(!)* But you will have to read it to figure out why 😎 Not too long ago, I was hunting in my favorite Bug-Bounty program but couldn’t … Continue reading Stop scratching the surface, and hack the dependencies
Writing my Medium blog to complete account takeover
One night a few weeks ago, I was writing a new Medium blog post on nothing other than why companies should embrace bug-bounty platforms, until I had a writer’s block. I thought to myself “let’s take a few minutes to do something else and then come back to it”. And what do I do … Continue reading Writing my Medium blog to complete account takeover
TryHackMe Basic Pentesting Walkthrough.
Retrieved from tryhackme.com. Reconnaissance: The first thing we need to do is scanning. Let’s run two Nmap scans: nmap -sV -sC -O <ip-addr> -oN basic_scan.nmap; nmap --script=vuln <ip-addr> -oN vuln_scan.nmap. The first Nmap scan is very similar to the -A (aggressive) scan, but it doesn’t do traceroute. The second one is meant to find potential attack vectors for the victim. The results … Continue reading TryHackMe Basic Pentesting Walkthrough.
TryHackMe. Hacking a Vulnversity Machine.
A write-up for myself :) If you’re interested in learning ethical hacking/pentesting, check my TryHackMe Vulnversity walkthrough. Retrieved from tryhackme.com. Reconnaissance: The first step of compromising the given machine is port scanning with Nmap. The switches that I used for this scan are: -sV (for service version discovery), -oN (for keeping results in an Nmap formatted file). As we can … Continue reading TryHackMe. Hacking a Vulnversity Machine.
Hi, George! Do you want your shell back?
The HackPark educational walkthrough with Metasploit, Msfvenom, Exploit-DB, PowerShell, and RCE.
Remote — HackTheBox Writeup OSCP Style
Remote was an easy difficulty Windows machine that featured Umbraco RCE and the famous TeamViewer CVE-2019-18988. Been thinking to publish an article in OSCP style, it took a while. Offsec’s PWK Example Report: https://www.offensive-security.com/pwk-online/PWK-Example-Report-v1.pdf I used the above example report for my OSCP exam report and this walkthrough will follow the same … Continue reading Remote — HackTheBox Writeup OSCP Style
Windows PrivEsc or How to Crack the TryHackMe Steel Mountain Machine.
Metasploit, Exploit-DB, PowerShell, and more.
TryHackMe. Exploiting EternalBlue Vulnerability.
Walkthrough on the TryHackMe EternalBlue machine. Recon: Before tackling any machine, there are a couple of Nmap scans that I like to use: All the switches in the first scan can be simply replaced by the -A switch, but sometimes it’s good to remind oneself what that switch does. The second runs all the scans included in … Continue reading TryHackMe. Exploiting EternalBlue Vulnerability.









