Hack the Box

With Defcon 26 done for the year, I thought I'd finally post some of the machines I've been working on in Hack The Box(HTB). I'll be working on machines that are currently running, and won't post the results till they are retired. I'll do them in two phases. The first phase will be about capturing the user hash, and the second phase will be about getting the root hash of each machine. I'll try and continue to write as much as I possibly can on the HTB machines, while I study for my OSCP. I'll also try to use less of Metasploit and do the exploitation phase manually, as I feel this will strengthen my exploit process in the OSCP exam. 

Defcon 26

Defcon 26 is less than a month away! Last year was the first time that the convention would be held at the Cesar Palace. By personal experience it felt as though some of the talks were spread far apart from one another. Let's hope that this year they've organized and that The Cesar Palace has finished with construction. Defcon has released the list of villages this year:

Internet of Things
Crypto and Privacy
Wireless
Biohacking
R00tz Asylum
Hardware Hacking
Lockpicking
Social Engineering
Tamper Evident
Data Duplication
DEAF CON
Voting Machine Hacking
Recon
AI
Soldering Skills
DroneWarz
VX (Chip-Off)
Mobile Museum of Vintage Technology
Ethics
Laser Cutting
Cannabis
CAAD (Competition on Adversarial Attacks and Defenses)
Blue Team
Car Hacking
Packet Hacking
Industrial Control Systems
Skytalks
Monero/BCOS

Villages at Defcon are a wealth of knowledge. When visiting Defcon, most if not all, will say "you should visit the villages learn something new, skip the talks". This is all but true. The talks are all recorded and easily uploaded within a couple of months onto the Defcon site. The villages, CTF competition are where you want to be. I know I'll be sitting with my burner laptop, at the CTFs meeting new people and learning new things.

Been too long

Well I haven't written anything on this in a long while, a good year to be exact. I've been studying for my OSCP and have failed twice. I've been studying like a mad man for the past two months. I would write out what I'm studying or how i'm studying but I feel like that has already been written by others. You can see all over Reddit, especially the OSCP subreddit, where there are countless entries on how to study for this. I'd say to find something that you feel is right for you. 

What feels right for me is to crack open vulnhub and run the machines and try and crack them. Of course that isn't all. When it comes to the buffer overflow exercise there's a lot more reading involved. The courseware gives just enough for you to maybe familiarize yourself with this concept but to get even more familiar you would need to go on your own and do some research.

So what I will do while I study is add to this blog on what I've done so that others may find it helpful. I will be creating a new section for this so be on the look out for that. 

oscp practice list

As a practice to the OSCP certification (that'll come sometime either this year or next year) I've read this article posted on reddit. It's a list of vulnerable OS that are either similar to the OSCP lab and or final exam. I'll be going through this list and posting walkthroughs. I've already completed two of them on the list. I'll be trying to do these on a weekly basis. 

Sites & Sounds

Another year at Defcon in Las Vegas, and this time around I've come with experience from my first visit. Last year on my first visit to this convention it didn't last long as I only stayed a day in a half. For this year I've decided to get to Vegas early. Of course it's always best to get here early for Defcon if you wish to get the electronic badges. I'll be updating my photography page with images from Defcon.

Update

Hello,

Another week goes by and more projects that i'm dealing with are slowing my progress with the sandbox machine that I was supposed to document about here. But I will share what I did once I complete the other projects.

On another note I've signed up for the Cisco CCNA Cyber Ops Scholarship, you can read all about it here . I do recommend that you at least sign up even if you do not qualify, it doesn't hurt to try. 

I've also been investing time in a Raspberry pi that I've recently picked up. I will be making a IDS out of it to use at my network at home. I will be creating a write up once I've completed with that. I will be also be picking up a second Raspberry pi for my camera security system at home. 

That's it for this week I promise I'll post up the documentation on the Sandbox, and the IDS as soon as I get finished with them. 

 

0x0001

Here's the first post folks, and I've got nothing big to talk about. I am however participating in the DEFCON Qualifiers with the Opentoall CTF group. This is my first time joining a CTF group, or for that matter joining a CTF at all. 

The DEFCON Qulifier challenge seems to be a bit on the high level for me. Or I might be thinking to hard about the challenges, I'll just have to slow down and think straight about the challenges one at a time. 

Well that's it for now, short and sweet. I'll add more post of what projects I'll be doing like Vulnerable OS walkthroughs, and some up and coming conferences I'll be attending.