sif0

388 Followers

Aug 24

Thoughts of an Infosec Training and Certification Junkie: Part 1

The opinions expressed in this material are solely my own and do not express the views or opinions of people, institutions, or organizations that I may or may not be associated with in a professional or personal capacity unless explicitly stated. It has been five fantastic years since I jumped…

Infosec

12 min read


Mar 14

Harvesting User Information Through Facebook Ads

I wrote this blog to show how scammers can retrieve user information via Facebook ads. I am unsure how Facebook addresses this, which is for another conversation. What we’ll specifically look at is an exciting ad for Aer. Aer is a company in San…

Scam

7 min read


Dec 24, 2020

My Journey to being an OSCP

I started setting OSCP as a goal back in 2018 when I decided to shift my focus to security testing. As I am a person who often jumps into rabbit holes and into never-ending research on what certification would be the best in terms of practicality and budget, I…

Oscp

6 min read


Published in InfoSec Write-ups · Oct 3, 2020

Hack the Box — Blackfield

Blackfield is a 40-point machine from Hack the Box which requires you to exploit mistakes made after a recent computer forensic investigation on the machine. The files left valuable information about the machine, usually extracted when doing computer forensics, which includes a dump of LSASS. Gaining access to…

Active Directory

11 min read


Sep 9, 2020

Attacking and Defending Active Directory — Review

Due to my growing interest in Active Directory security, I began my journey to get experience and better understand how it works. There are very few trainings out there that provide Active Directory security training accompanied by a lab, and one of those few is Pentester Academy. …

Pentesting

5 min read


Published in InfoSec Write-ups · Jul 18, 2020

Hack the Box — Sauna Write-up(w/ Covenant C2)

Sauna is an Easy-difficulty machine from Hack the Box created by egotisticalSW. I felt that this box is realistic as it requires you to craft potential usernames based on their public website. I also decided to show a C2 framework, for which I chose Covenant, which is also the same…

Red Team

15 min read


Published in InfoSec Write-ups · Jul 15, 2020

Hack the Box — Sizzle Write-up

Sizzle is an Insane-difficulty machine from Hack the Box created by mrb3n and lkys37en, who are the authors of 2 out of 3 Hack the Box Pro Labs that are currently available. Sizzle is a fairly old machine as it was released in January of 2019. I decided to work…

Active Directory

16 min read


Published in InfoSec Write-ups · Apr 30, 2020

Intro to Nmap

I decided to write articles on common tools used by security professionals. The goal of this series is to introduce how a tool works, where it is useful, and maybe leave a few tricks that you can adopt. I’ll start with a scanning tool called Nmap. What is Nmap? From…

Security

6 min read


Published in InfoSec Write-ups · Apr 25, 2020

HacktheBox — Control

TL;DR: Control is a Windows machine that allows you to play with basic SQL Injection and a little PowerShell. It’s a fun box to teach you Windows concepts without having an SMB service running. It starts off with an admin page accessible by using the X-Forwarded-For header. Access to the…

Windows

10 min read


Published in InfoSec Write-ups · Mar 21, 2020

HacktheBox — Forest

TL;DR Forest is in the list of my favorite machines. It exposes you to different tools and offers practical usage of enumerating, interacting, and exploiting services usually related to Windows Active Directory. It starts with enumerating a user through RPC and exploiting Kerberos Pre-Auth to get the user’s password. The user…

Active Directory

9 min read

Penetration Tester | Aspiring Red Team Operator 🇵🇭
