• Skip to main content
  • Skip to footer

Andrew Roderos

Networking and Security

  • Blog
  • Resources
    • Book List
    • Freebies
  • About
  • Contact

Penetration Testing

Exploiting PrintNightmare

07/11/2021 by Andrew Roderos Leave a Comment

I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …

[Read more...] about Exploiting PrintNightmare

Kaos Corp: Habanero

06/17/2021 by Andrew Roderos Leave a Comment

As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a hostname of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology techniques to advance …

[Read more...] about Kaos Corp: Habanero

Passed eJPT

05/30/2021 by Andrew Roderos Leave a Comment

Passed eJPT

On Friday, I passed the eJPT certification exam. Since then, I've had a few people asked me about my experience. Instead of answering them one by one, I decided to write a post about my preparation and exam experience. Related: Passed eJPTv2 Cert info According to this security certification roadmap, this cert is a tad higher than CompTIA PenTest+. If I had to speculate on why it's rated higher than PenTest+, it's probably because this cert is 100% practical. Sure, it's a …

[Read more...] about Passed eJPT

Penetration Testing 101 – CTF Edition

12/10/2020 by Andrew Roderos Leave a Comment

Penetration Testing 101

As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you the …

[Read more...] about Penetration Testing 101 – CTF Edition

Attacking HSRP

09/08/2020 by Andrew Roderos Leave a Comment

Back in the day, the Cisco Press books only covered the Hot Standby Router Protocol (HSRP) topic in the professional-level track. When I did a quick search on CCNA books, I found out that they covered it in CCNA R&S ICND2 200-105 OCG* and the new CCNA 200-301 OCG, Vol 2* books. Both books, however, didn't cover the security vulnerability of such minimal configuration. Thus, attacking HSRP is possible. This post contains affiliate links. If you use these links to buy …

[Read more...] about Attacking HSRP

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2

Footer

WANT TO REACH ME?

Let’s talk!

CONTACT ME

Copyright © 2019–2023 · Andrew Roderos · All Rights Reserved · Privacy Policy · Terms of Use