DC:6 can serve as a light introduction to WordPress pen testing with WPScan.
This Vulnhub VM featured some decent, realistic web entry points that I enjoyed.
I passed the exam on December 8, 2018. And then, eventually, I went on to root all of the regular lab machines (~55) in all of the subnets. It was a blast!
This review will focus on some topics where I may have disagreed with the majority.
This is a very easy web-focused VM, done in the style of some OSCP/PWK lab machines. You can download it here.
If you have experience with web pen testing and Linux this should be a quick pwn, and if you’re new, it’s a decent first box to try.
Few tools are needed other than your browser, Nmap, and an SSH client.
“Web Developer” is the first in a new series of vulnerable machines by Fred Wemeijer on Vulnhub.
The author describes HackInOS as a “beginner level CTF style” VM.
Here’s a simple and fun vulnerable VM I completed in preparation for the OSCP.
It was ranked as beginner/intermediate with at least 2 paths to limited shell, and 3 paths to root.
A year ago, I looked at the CISSP and thought it looked unattainable.
I chalked it up as a “long-term” goal, maybe in 5 years.
But after passing the CEH and PenTest+ in 2018, I gained more confidence and decided to dive in.
Everyone’s shared stories helped me immensely in my journey, and maybe I can help you, too.
Here’s another easy VulnHub VM.
My goal this month is to increase the speed at which I pop these boxes, in preparation for the OSCP.
I had already completed the first entry in the Basic Pentesting series by this author in about 20 minutes, and wanted to see if I could crack this one in under an hour as well. The author states that it is “a moderate step up in difficulty” from the first.
Let’s dig in!
LazySysAdmin is another VulnHub CTF.
The description suggests you shouldn’t overthink this. The author states that it was built out of frustration from failing the OSCP exam and that you should be looking right “in front of you” for the answers.
The description intrigued me, as my main goal this month has been to increase the speed at which I solve these VMs and reduce the time wasted in rabbit holes.
Here’s my study guide for the CompTIA PenTest+ beta exam. I have yet to take the test, but have been following the random public comments shared by others.
All of these topics are from the exam objectives, but some things are mentioned more often online than others. I’m focusing my studies on what people are talking about the most.
Or, what to study hardest…