Toby Jackson

Welcome Back Hello, it’s been a hot minute again. How are you? I’m great, thanks for asking! Today I wanted to just drop a quick blog to get my current thoughts onto the page regarding where we’re going with AI, its consequences, and how I’m approaching the short term (1-5 years) for my career. This post is merely a prediction, my analysis, a faux prophecy if you will, based on everything I read, surmise, and my general gut feelings when using AI every day. Do not construe it as a given, nor modify your path based on my ramblings! ...

An often undiscussed topic in the pentesting world is what truly sets apart a senior penetration tester from a junior or mid-level consultant? Today, you get my thoughts on this! If you are not a senior but want to climb the ladder, read on, you may learn a thing or two (or you’ll disagree, which is also fine)! You see, there are thousands of blogs about how to get better technically at pentesting. Hell, there are entire platforms dedicated to it. But very few target the less technical side, the side that focuses on your personality, your characteristics, your unique charm! So, here we are. ...

An overview and lab exploitation example of the ESC11 vulnerability, present in Active Directory Certificate Services when request encryption is disabled.

A reflective look back on what my first year as penetration tester/cyber security consultant taught me, and how those lessons can potentially help you.

Hathor from Hack the Box was an Insane Windows machine that involves exploiting a misconfigured file upload, then identifying credentials in log files, before performing some DLL hijacking and finally, abusing an account with replication rights to obtain the administrator’s password hash.

A guide on how to terraform the Active Directory Home Lab from the Practical Ethical Hacking course by TCM Security - and coincidentally - My first attempt at Infrastructure-as-Code and DevOps!

In an attempt to broaden my skill set, I’ll be using the SliverC2 to complete Hack the Box machines and learn more about this fantastic Command and Control framework. This time around it’s the retired box: Anubis!

A blog post for me to try and finally fully understand the internals of how Kerberos and Active Directory authentication works within a domain (and how it’s broken).

A review of ZeroPointSecurity’s Certified Red Team Operator course.

A thorough review of The Cyber Mentor’s new certification: The Practical Network Penetration Tester. Wondering what I thought of this new certificate disrupting the industry? Fear not! Let’s dive right in.