Greetings, readers! During the last month, I learned about Nebula, a tool created by the developers of Slack, which enables systems across the globe to come together in a software-defined virtual private network. Excited by the new tech, I decided to use Nebula as a Command and Control (C&C) system for creating “Red-Team” drop boxes. A “Red-Team” drop box is, essentially, a discreet, inexpensive computer capable of running a full suite of pentesting tools.
Whew! What a week! I took my second OSCP attempt over the course of 48 hours, from October 17th to 19th. Anyone who recalls my first attempt will remember how stressful and frustrating the experience had been. I believe the word I used was “fiasco.” The second attempt was everything the first attempt failed to be. From start to finish, a smooth experience. Props to Offensive Security for their hard work!
My second attempt at the OSCP begins tomorrow. Yesterday I finished revising my PWK lab report, and today I've decided to have some fun in the HackTheBox labs. In part, as always, I hope to learn something new. But mostly, I just want to hack for the joy of it. During my PWK lab time, I felt like I had to focus the beam of my attention on my PWK studies.
Goodness, how time flies! As of this post, I've got two days left in the PWK labs, and I've rooted 37 systems in the network. I feel significantly more prepared than I was two months ago, when I first took the OSCP exam. I've learned so much cool stuff, and I look forward to opportunities to use my skills in the wild (legally, of course). One of the key elements of the OSCP exam (as well as the PWK lab) is the pentest report.
Today I decided to hack Netmon on HackTheBox. While the machine gave me some frustration, it wasn't because the machine was too challenging, but rather because the machine was buggy and didn't function reliably. That being said, after wrestling with unreliable exploits and resetting the machine multiple times, I finally defeated the machine and captured its flags. As always, I created a walkthrough for the machine, so that my readers can see how I tackled the challenge.