Taking a look at what OWASP had in regards to this, we will look at the threat agents and attack vectors, as well as the impacts. “Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without …
using components with known vulnerabilities
Really, all you need to know is in the above, but we are going to go as in-depth as possible using the provided link from OWASP here. To start, we will look at the threat agents and attack vectors as well as the impacts. “While it is easy to find already-written exploits for many …
Brave the forefront of web 3.0
The Brave web browser is a complete game changer for how everyone will be using the web. Every day more and more people are learning about cryptocurrencies, decentralizing the web, and the benefits that come with having a decentralized web. Back in 2008 the Chrome web browser launched and it took the world by storm. …
Elevate your productivity with TMUX!
This is an overview of how to use TMUX for people who haven’t used it before. tmux is a terminal multiplexer for Unix-like operating systems. It allows multiple terminal sessions to be accessed simultaneously in a single window. It is useful for running more than one command-line program at the same time. https://en.wikipedia.org/wiki/Tmux Learning …
Writeup
So this box is going to be a challenge if you have done the 4 previous boxes. It uses a lot of the same methodology as the previous boxes, where you scan and use an exploit to gain a user shell. Getting root on this box is where this box is tricky; it isn’t difficult …
insecure deserialization
For this, we will be getting all of our information from OWASP which can be found here. We will start off by looking at the Threat agents & attack vectors along with the impact. “Threat Agents/Attack Vectors: Exploitation of deserialization is somewhat difficult, as off the shelf exploits rarely work without changes or tweaks to …
Cross-site scripting XSS
OWASP The more of these documents that I have made, the more I have realized that there is a pretty big difference between what you learn from PortSwigger and OWASP. I find that OWASP provides good foundational documentation of the vulnerabilities, whereas PortSwigger shows you the practical side of the vulnerabilities. To start I am going to …
Security misconfiguration
All material regarding Security Misconfiguration will be provided to us by OWASP. We will start off just like the others, looking at the threat agents and attack vectors. “Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files, and directories, etc to gain unauthorized access or knowledge of the …
Future Plans & Feedback
The site is almost at a total of 500 views, which doesn’t sound like a lot but means a lot to me. The more content I put out the more views the website gets. Getting this site to grow and maintain new information is something I do on the side, and I try and do …
Irked
Are you ready to hack Irked? For this box, I recommend that you finish Blue, Legacy, and Lame beforehand to build up some base knowledge. This box is a little bit more advanced than the previous ones, and will require a few different techniques. Starting this box off, I ran an sv scan to get …

