I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …
Penetration Testing
Kaos Corp: Habanero
As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a hostname of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology techniques to advance …
Passed eJPT
On Friday, I passed the eJPT certification exam. Since then, I've had a few people asked me about my experience. Instead of answering them one by one, I decided to write a post about my preparation and exam experience. Related: Passed eJPTv2 Cert info According to this security certification roadmap, this cert is a tad higher than CompTIA PenTest+. If I had to speculate on why it's rated higher than PenTest+, it's probably because this cert is 100% practical. Sure, it's a …
Penetration Testing 101 – CTF Edition
As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you the …
Attacking HSRP
Back in the day, the Cisco Press books only covered the Hot Standby Router Protocol (HSRP) topic in the professional-level track. When I did a quick search on CCNA books, I found out that they covered it in CCNA R&S ICND2 200-105 OCG* and the new CCNA 200-301 OCG, Vol 2* books. Both books, however, didn't cover the security vulnerability of such minimal configuration. Thus, attacking HSRP is possible. This post contains affiliate links. If you use these links to buy …