Illumination, a 20 point Hack the Box forensics challenge, asks the question “can you find the secret token?”. The back story is that a Junior Developer has just switched to a different source control platform. Theres a ZIP file to download, as with most of these challenges, which when inflated […]
When a Threat Actor is trying to get a payload onto a box they’ll often use curl and wget as they’re often present on the endpoint. If they aren’t – or there’s considerations of being a little more stealthy – there’s another way to live off of the land. It’s […]
In the news recently a leak of emails from ULA, one of SpaceX’s biggest rivals, were cooking-up a large serving of conspiracy pie. I’m actually less interested what may or may not have been going on and wanted to focus on if I could prove if this correspondence was genuine. […]
The course for joining the SAS has sessions called a “Sickener”. These are where recruits are pushed and pushed, without any end in sight. Its as much a psychological battle as it is physical. Probably more the former in all honesty. This box is quite a close equivalent for the […]
Doing some DBA-ing recently I came across a table that contained dates and times for orders stored in a bit of an unusual way. Instead of having columns for date and for time, they were both stored in the same column as different rows! I hadn’t come across this before […]
This Windows challenge by Micah was a particularly meaty box with a lot of variety and some fairly real-world applications for what you learn. Our initial nmap scan showed we were dealing with a Windows DC running IIS 10. I used ffuf to see what things we might find on […]
There’s plenty of ways to do sandboxing for malware analysis. Say you want to use your own custom set-up, and specifically just want to rewrite the IP headers so that you can capture the outbound traffic to analyse or do ‘things’ to it. Any version of Linux can do this […]
I’m not especially fond of the words ‘Cyber’ or ‘Symposium’, even worse when they’re joined together. As I write this Mike Lindell is holding his CyberSymposium where he’s allegedly releasing packet captures that prove that ‘the election was stolen’. So you know where I stand: there’s yet to be a […]
For the first time I went after a machine very shortly after release. The Release Area gives you the chance to have the machine all to yourself on a standard VIP plan – a good enough reason if you ask me! Standard enumeration with nmap -A -oA htb -sV -sC […]
I started this off with some very standard enumeration, getting nmap and dirbuster up and running. There was clearly something web-like and interesting running on 5000/tcp but that wasn’t accessible from an external address. Also of interest was a reference that nmap discovered to ‘staging.love.htb’. It took me longer than […]