Writeup for Hackthebox: Popcorn

Popcorn is a box that mimics a real-world scenario. Attackers will establish the initial foothold by exploiting a vulnerability in a web app.

An nmap scan shows ports 80 and 22 are open

Writeup for Hackthebox: October

October is a slightly difficult box. An attacker needs to apply some advanced techniques to gain root access. The complexity sits in identifying a buffer overflow and exploiting it with the tools available on a Linux system.

Perform an nmap scan of the system

Writeup for Hackthebox: Craft

The initial foothold is established through a very common developer mistake: the code repository contains a set of credentials inadvertently included in one of the commits.

Perform a port scan using nmap:


Writeup for Hackthebox: Postman

For the Postman box, the initial foothold is established by exploiting a security misconfiguration in Redis. Through this vector an attacker can establish an SSH connection as an unprivileged user.

Enumerate using nmap and notice that the Redis port is open

Writeup for Hackthebox: Haystack

Nmap detects three open ports: SSH, HTTP and Elasticsearch

Writeup for Hackthebox: Traverxec

Traverxec is a box labeled Easy. The initial foothold consists of exploiting improper security settings, followed by exploitation of a UNIX binary to bypass local security restrictions.

Writeup for Hackthebox: Heist

Heist is a box labeled Easy and contains practical enumeration techniques and attack vectors. The initial foothold is achieved by leveraging an improper security configuration.

Start by checking what ports are open:

Send Slack alerts when large AWS EC2 instances are launched

Once you begin collecting AWS data in Splunk using the Splunk Add-on for AWS, a lot of detection capabilities open up. We will cover the use case of detecting when large EC2 instances are launched, such as instance types 2xlarge, 4xlarge or 8xlarge, with or without GPU.

Generate configuration files for Splunk Add-on for AWS using Ansible

The Splunk Add-on for AWS is an add-on supporting data collection from AWS services. At the time of writing, it can seamlessly collect AWS Config, AWS Config Rules, AWS CloudTrail, CloudWatch, CloudWatch Logs, AWS Inspector, Kinesis, S3 via SQS and billing data.

Monitor MySQL DB performance with Nagios

Nagios can be easily set up to handle graphing of MySQL database performance metrics. The set of indicators will be graphed by pnp4nagios, a performance data analyzer and grapher for Nagios.


Console view of ping response times

A visual representation in a terminal window can be used to keep a log of commands and their output in a single file and to copy and paste code snippets from the terminal into emails and chat.