Today, I received an email from INE that I passed my eJPTv2 beta exam. It means that I obtained the eJPT certification again, but this time it is for version 2. I discussed my beta exam experience here. I suggest you read it and come back to this. There might be some information that you would want to know before reading the rest of this post. Preparation I received an email from INE on August 8th that they selected me to participate in the eJPTv2 beta program. I started going …
Offensive Security
Kaos Corp: Cayenne
In the previous article, we found the ransomware key, and now we are on the hunt for the Windows AD domain controller to decrypt the research data, which also contains the flag. In this article, we will concentrate on the host named Cayenne. Discovery Since we already performed host discovery, we do not need to do it again. However, we need to figure out which ones are Windows-based hosts out of the three left. The quickest way to figure out if a host is running Windows is by pinging, …
Exploiting PrintNightmare
I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …
Kaos Corp: Habanero
As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a hostname of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology techniques to advance …