Bonjour fellow offsec bugs. I have a super special h@shtalk for you today.
I know it’s been a while, but I’m starting a journey that I have a feeling is going to be super important for me and I’d like to have it documented.
Today I pwned my first challenge on Hack The Box and since I want to make this a daily thing I believe it won’t hurt to share what I learned here.
Of course, having the rules of the platform, where only write-ups of retired HTB machines or challenges are allowed here’s a little ‘emdee five for…
Defend The Web is a website for solving Capture The Flag challenges. It provides a variety of challenges with different difficulty levels and covers several domains.
The problem: A blank password prompt given.
The solution: Opened inspect element and looked through the java script code. At the bottom, there was a keyword which was the solution to the challenge.
If you’re looking for someone to help you with auditing and compliance of your AWS resources, someone to help you record configurations and changes over time, someone to let you know every time a resource is non-complaint with your security rules, you would think you need several different people for the job, but you don’t. You just need AWS Config.
AWS Config is a tool used for auditing and compliance of your AWS resources. It helps with defining security requirements for your Infrastructure Posture and with developing Config Rules.
When we talk AWS Config we talk Continuous Compliance. Continuous compliance…
Starting with some basics let’s elaborate what URL actually stands for and how can one become an expert in reading URLs so you are always educated about what you’re clicking.
URL stands for Uniform Resource Locator. A URL is nothing more than the address of a given unique resource on the Web. In theory, each valid URL points to a unique resource. Such resources can be an HTML page, a CSS document, an image, etc. In practice, there are some exceptions, the most common being a URL pointing to a resource that no longer exists or that has moved.
Being ‘busy’ has recently become a new trend, and while there is absolutely nothing wrong with being busy, being productive is still number one on all the lists that hard working people have. And while being productive does mean working hard, it also means working smart.
If you are someone that uses Google Services on a daily basis, especially Google Sheets, Google Docs, and you have never heard of Apps Script, then may I just say: “Welcome to all things automated”.
Apps Script is a tool provided by Google that lets you build solutions to boost your collaboration and productivity…
The AWS Command Line Interface is an open source tool that enables you to interact with AWS Services using commands in your command-line shell.
The AWS CLI provides direct access to the public APIs of AWS Services. You can explore a service’s capabilities with the AWS CLI, and develop shell scripts to manage your resources.
Installing AWS CLI is fairly easy, and a step-by-step guide on how to install aws-cli on your OS can be found in their official documentation.
Once you install AWS CLI, a secret directory
To configure your account, the easiest way is to use…
The usage of stress tools is part of the Vulnerability Analysis in the process of Ethical Hacking . Stressing tools are used to create Denial of Service attacks, meaning the system receives more traffic than it’s normal operational capacity, or to create the stress test for different applications so
as to take appropriate measures for the future.
The general idea of these kinds of tools is to overwhelm the web application resources and test the application recoverability. In this paper, we are going to look at five different Kali Linux stress testing tools. …
Splunk is a software mainly used for searching, monitoring, and examining machine-generated Big Data through a web-style interface. It performs capturing, indexing, and correlating the real-time data in a searchable container from which it can produce graphs, reports, alerts, dashboards, and visualizations.
One of the most important concept in Splunk is: Searching. Data can get big real fast, and almost always we are looking for something specific from that pile of data. That’s why it’s extremely important to have the skill to be able to find what you’re looking for.
However to understand the concept of Searching, first there are…
Email Header Analysis might be a very important segment of a forensic investigation and although now there are a lot of tools online that can do this for you, it is a skill to be able to read and understand the email header yourself.
For starters, let’s define some basic email terminology:
Mail User Agent (MUA) - client application running on your computer that is used to send and receive email.Mail Transfer Agent (MTA) - accepts messages from a sender and routes them along to their destinations.Sender Policy Framework (SPF) - defines a mechanism by which an organization…
AWS Security tools are divided into 6 crucial components that form the pyramid of AWS Security. Those are:
1. Identity and Access Management
2. Detective Controls
3. Infrastructure Protection
4. Data Protection
5. Incident Response
6. DDoS Mitigation
The tools used for Identity and Access Management in AWS are:
1. AWS IAM Users and Groups - mechanism for creating and managing individual users and their permissions2. Secrets Manager - to manage secrets used to access AWS resources3. Single Sign-On - centralized sign-on4. Security Token Service - web service that enables to request temporary, limited privilege credentials for…