New Tutorial: Building a Red-Team Drop Box with Nebula

Greetings, readers! During the last month, I learned about Nebula, a tool created by the developers of Slack, which enables systems across the globe to come together in a software-defined virtual private network. Excited by the new tech, I decided to use Nebula as a Command and Control (C&C) system for creating “Red-Team” drop boxes. A “Red-Team” drop box is, essentially, a discreet, inexpensive computer capable of running a full suite of pentesting tools.
Read more →

Pre-Exam Personal Project Playtime

My second attempt at the OSCP begins tomorrow. Yesterday I finished revising my PWK lab report, and today I've decided to have some fun in the HackTheBox labs. In part, as always, I hope to learn something new. But mostly, I just want to hack for the joy of it. During my PWK lab time, I felt like I had to focus the beam of my attention on my PWK studies.
Read more →

Post-Lab Revision

Goodness, how time flies! As of this post, I've got two days left in the PWK labs, and I've rooted 37 systems in the network. I feel significantly more prepared than I was two months ago, when I first took the OSCP exam. I've learned so much cool stuff, and I look forward to opportunities to use my skills in the wild (legally, of course). One of the key elements of the OSCP exam (as well as the PWK lab) is the pentest report.
Read more →

Has It Already Been Two Months?

Happy July 4 to everyone in the United States. Today is the last day of my PWK course. It's been intense, and in the practice labs I did better than I expected, but not as well as I'd hoped. Considering the fact that 99% of my “training” has been self-study—poring through books, websites, “text-philez”, PDFs, online courses, and (occasionally) videos on YouTube—I think I did fairly well. I'm no longer a Novice, not quite Adept, but well along my way as an Apprentice.
Read more →

PWK: Week One Rundown

What a busy week it's been! Until yesterday the course has largely been a review of concepts I already understood (though the review definitely helped), with a few new nuggets of wisdom thrown in for good measure. The only gripe I have so far is that the videos are older than the PDF, and the PDF is a little outdated compared to the course, and certain changes in the lab and the Kali VM weren't reflected in the course material, which caused a bit of a headache as I tried to piece everything together.
Read more →