I am working on a to-do list with labs and blog posts, planning on taking deep dives into topics to understand them truly. Finding bugs would be cool, but I truly want to figure out how everything works.
Blog posts, lab provisioning instructions, and source code will be coming in 2022!
- How To Beat The OSCP Exam
TL;DR: Take breaks... no seriously, take breaks even if on a roll. Unless you want to fail.
- Digitalworld Bravery VulnHub Walkthrough
This box was basically all dependent on enumeration. There’s a lot to look at and go through, but you have to keep going and searching. 95% of the time is spent getting the initial shell. I really liked this box because I got to focus on enumeration and note taking.
- Digitalworld Mercy VulnHub Walkthrough
I liked this box and it reminds me of OSCP exam machines and good Hack The Box machines. There’s enumeration across multiple services, it uses different vulnerability exploitations, and it has three different stages of initial access, user account, and root access. I love the 3-stage access option because I’m used to it with Hack The Box, but OSCP machines don’t always have 3 stages.
- Digitalworld Joy VulnHub Walkthrough
This machine would have been much more complicated if not for enumeration. Most of the work was just getting the initial shell and after that, the box fell quickly. I learned that if I find a vulnerability with a public exploit, calm down, take note of it, and keep enumerating because there could be more exploits (that are more reliable/easy). I wasted a lot more time on the Dropbear SSH exploit than I should have.