BSCP preparation and exam experience
The past 2-3 months, I’ve been spending some time on preparing for the BSCP (Burp Suite Certified Practitioner) certification. I passed the exam and in this post I will share how I prepared, how the exam went and some tips for you to pass the exam.
What is BSCP?
From PortSwigger: “The Burp Suite Certified Practitioner (BSCP) is an official certification for web security professionals, from the makers of Burp Suite. Becoming a Burp Suite Certified Practitioner demonstrates a deep knowledge of ...
TU Delft CTF 2024 - Script Runner
On the 5th of October 2024, my team and I attended the TU Delft CTF 2024. Our team won 3rd prize with a total of 5403 points. In total, 51 teams attended the CTF, each with 4 members. It was a fun CTF and well organized too. Props to the organization!
Write up Script Runner
Script Runner is a web challenge that was rated the hardest of the web challenges by the organizers. In total, 4 teams were able to solve this challenge.
Summary
Script Runner hosts a service to run scripts that you upload! ...
Defeating Windows Credential Guard
Microsoft introduced Credential Guard in Windows 10 Enterprise and Windows Server 2016. It is enabled by default on all systems running Windows 11, version 22H2 and later that meet the requirements. It is reasonable to assume that Microsoft will enable Credential Guard by default on Windows Server in the future as well.
Before we continue, this blog is heavily based on Oliver Lyak’s blog: https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22. Oliver Lyak did all of ...
NTLM Relay 2 self without Printer Spooler and DNS
If you landed on a system as a user with low privileges inside a domain, you could coerce the system to authenticate to itself over HTTP (WebDAV), and relay that request to the domain controller using ntlmrelayx. NTLM relay attacks are not new, and have been a big attack surface in the Windows realm for years. However, relay attacks over HTTP are harder to prevent and may even be unpatchable (forever day).
There are a few ways to perform this attack. One common way is to use Pri ...
My OSCP preparation and exam experience
Disclaimer: I am not allowed to share any details about the exam I took, so it will be more a general view of it.
Preparation
Although I have some experience with pentesting, I did not want to underestimate the exam. Before I bought the course from Offensive Security, I had already completed 100+ boxes on HackTheBox. I also completed four ProLabs from HackTheBox: Dante, Zephyr, Offshore and Rastalabs. These boxes and ProLabs taught me basically everything I needed to know for the exam.
In the beginni ...
Hacking the Bitwarden vault PIN
Unlock with PIN is a Bitwarden feature to unlock your vault without using your master key. Bitwarden introduced this feature, but never raised the security issues within the extension or app. This blog post will show how to recover the PIN from the Firefox extension data.
Bitwarden unlock with PIN feature
Bitwarden’s “Unlock with PIN” feature is a functionality designed to provide users with a quicker way to access their vault of stored passwords, secure notes, credit card information, an ...
Security Risks For Building Projects In Visual Studio
It is very easy to clone a GitHub repository into Visual Studio, build it and use it. Who even cares about the source code, right? Well, you should. After reading this blog you may want to reconsider building a program without checking it first.
How does Visual Studio build a program?
To get a better understanding of the dangers of building a program in Visual Studio, we first need to understand how Visual Studio (VS) actually builds your program.
Visual Studio uses a process called the MSBuil ...
Exploring the new BloodHound Community Edition
In the realm of cybersecurity, Active Directory is a critical component for managing and organizing a network, controlling access to resources, and ensuring security. BloodHound takes a unique approach by utilizing graph theory to map out relationships between different elements in Active Directory, such as users, groups, and computers. This graphical representation helps security professionals identify and understand potential security risks, such as privilege escalation and lateral movement pa ...
Blackfield - HackTheBox
Nmap scan
We begin by running an nmap scan against the target IP (10.10.10.192).
```
nmap -sCV -T4 --min-rate 10000 -v -oA nmap/tcp_default 10.10.10.192
```
```
# Nmap 7.93 scan initiated Wed Nov 30 10:28:13 2022 as: nmap -sCV -T4 --min-rate 10000 -v -oA nmap/tcp_default 10.10.10.192
Nmap scan report for 10.10.10.192
Host is up (0.025s latency).
Not shown: 993 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
53/tcp open  domain  Simple DNS Plus
...
```
Bookworm - HackTheBox
Nmap scan
We begin by scanning the box using nmap:
```
# Nmap 7.94 scan initiated Tue Oct 17 07:05:54 2023 as: nmap -sCV -T4 --min-rate 10000 -p- -v -oA nmap/tcp_default 10.10.11.215
Nmap scan report for 10.10.11.215
Host is up (0.028s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 81:1d:22:35:dd:21:15:64:4a:1f:dc:5c:9c:66:e5:e2 (RSA)
| ...
```