Capture the Flag on Musings of a Pentester

Capture the Flag on Musings of a Pentesterhttps://blog.tobyjackson.io/categories/capture-the-flag/Recent content in Capture the Flag on Musings of a PentesterHugo -- 0.154.2en-gbFri, 24 Mar 2023 18:37:30 +0000Exploiting Active Directory Certificate Services - ESC11 Walkthroughhttps://blog.tobyjackson.io/blog/exploiting-active-directory-certificate-services-esc11-walkthrough/Fri, 24 Mar 2023 18:37:30 +0000https://blog.tobyjackson.io/blog/exploiting-active-directory-certificate-services-esc11-walkthrough/An overview and lab exploitation example of the ESC11 vulnerability, present in Active Directory Certificate Services when request encryption is disabled.10 Things I Learnt in My First Year as a Penetration Testerhttps://blog.tobyjackson.io/blog/10-things-i-learnt-in-my-first-year-as-a-penetration-tester/Sat, 31 Dec 2022 22:31:26 +0000https://blog.tobyjackson.io/blog/10-things-i-learnt-in-my-first-year-as-a-penetration-tester/A reflective look back on what my first year as penetration tester/cyber security consultant taught me, and how those lessons can potentially help you.Hack the Box Walkthroughs: Hathorhttps://blog.tobyjackson.io/blog/hack-the-box-walkthroughs-hathor/Sat, 19 Nov 2022 18:06:04 +0000https://blog.tobyjackson.io/blog/hack-the-box-walkthroughs-hathor/Hathor from Hack the Box was an Insane Windows machine that involves exploiting a misconfigured file upload, then identifying credentials in log files, before performing some DLL hijacking and finally, abusing an account with replication rights to obtain the administrator’s password hash.Automating the Creation of TCM Security's PEH Home Active Directory Labs - It's Terra-fyinghttps://blog.tobyjackson.io/blog/automating-the-creation-of-vulnerable-active-directory-labs-with-terraform-how-terra-fying/Wed, 11 May 2022 21:40:03 +0000https://blog.tobyjackson.io/blog/automating-the-creation-of-vulnerable-active-directory-labs-with-terraform-how-terra-fying/A guide on how to terraform the Active Directory Home Lab from the Practical Ethical Hacking course by TCM Security - and coincidentally - My first attempt at Infrastructure-as-Code and DevOps!Hack the Box Walkthroughs: Anubis - Using SliverC2https://blog.tobyjackson.io/blog/hack-the-box-walkthrough-anubis-using-sliverc2/Fri, 06 May 2022 19:20:46 +0000https://blog.tobyjackson.io/blog/hack-the-box-walkthrough-anubis-using-sliverc2/In an attempt to broaden my skill set, I’ll be using the SliverC2 to complete Hack the Box machines and learn more about this fantastic Command and Control framework. This time around it’s the retired box: Anubis!