New Tutorial: Building a Red-Team Drop Box with Nebula

Greetings, readers! During the last month, I learned about Nebula, a tool created by the developers of Slack, which enables systems across the globe to come together in a software-defined virtual private network. Excited by the new tech, I decided to use Nebula as a Command and Control (C&C) system for creating “Red-Team” drop boxes. A “Red-Team” drop box is, essentially, a discreet, inexpensive computer capable of running a full suite of pentesting tools.
Read more →

OSCP Second Attempt Debrief

Whew! What a week! I took my second OSCP attempt over the course of 48 hours, from October 17th to 19th. Anyone who recalls my first attempt will remember how stressful and frustrating the experience had been. I believe the word I used was “fiasco.” The second attempt was everything the first attempt failed to be. From start to finish, a smooth experience. Props to Offensive Security for their hard work!
Read more →

Pre-Exam Personal Project Playtime

My second attempt at the OSCP begins tomorrow. Yesterday I finished revising my PWK lab report, and today I've decided to have some fun in the HackTheBox labs. In part, as always, I hope to learn something new. But mostly, I just want to hack for the joy of it. During my PWK lab time, I felt like I had to focus the beam of my attention on my PWK studies.
Read more →

Post-Lab Revision

Goodness, how time flies! As of this post, I've got two days left in the PWK labs, and I've rooted 37 systems in the network. I feel significantly more prepared than I was two months ago, when I first took the OSCP exam. I've learned so much cool stuff, and I look forward to opportunities to use my skills in the wild (legally, of course). One of the key elements of the OSCP exam (as well as the PWK lab) is the pentest report.
Read more →

HTB Netmon

Today I decided to hack Netmon on HackTheBox. While the machine gave me some frustration, it wasn't because the machine was too challenging, but rather because the machine was buggy and didn't function reliably. That being said, after wrestling with unreliable exploits and resetting the machine multiple times, I finally defeated the machine and captured its flags. As always, I created a walkthrough for the machine, so that my readers can see how I tackled the challenge.
Read more →