Microsoft Azure Active Directory differentiates between different sign-in types when a user authenticates. For example: Azure Active Directory differentiates between an “interactive” sign-in request and a “non-interactive” sign-in request when a user logs in. An “interactive sign-in request” happens when user authenticates with a username and password and optionally a multi-factor authentication token. Another way of saying this is that an interactive sign-in happens if a user log...| Michael Thelen
Offensive Security’s Penetration Testing with Kali Linux (PWK) course is one of the most recognized ethical hacking and penetration testing courses within the information security industry. It made a name for itself and did so for good reason. The course is known to be very practical, hands-on, and equal parts frustrating as well as difficult. Offensive Security does not want you to just know the theory, they want you to develop and demonstrate practical ability. Because of this the PWK cou...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. While Legacy is an older machine there is still a lot to learn if the exploitation phase is attempted without the use of the Metasploit framework. The vulnerability on this machine is very well known and is often used to teach beginners the basics of penetration testing. Tools Used Nmap Searchsploit Python Msfvenom Ncat Locate Impacket smbser...| Michael Thelen
A few weeks ago, I started the Kioptrix series of vulnerable by design virtual machines with the Kioptrix Level 1, Kioptrix Level 2, Kioptrix Level 3 and Kioptrix Level 4 challenges. In this post I focus on how I solved Kioptrix Level 5 which is, sadly the last machine in the series. If you want to try this challenge yourself it can be downloaded here. Tools Used Netdiscover Nmap Firefox Searchsploit Gobuster Ncat and Nc Gcc Enumeration: Netdiscover As the Kioptrix series are virtual machines...| Michael Thelen
This post is a continuation of the Kioptrix series which I started a few weeks ago with the Kioptrix Level 1, Kioptrix Level 2 and Kioptrix Level 3 vulnerable by design virtual machines. In this post I focus on how I solved the Kioptrix Level 4 challenge. If you want to try this challenge yourself it can be downloaded here. Tools Used Netdiscover Nmap Firefox Gobuster SSH Client Echo MySQL Client Locate Sudo Enumeration: Netdiscover As the Kioptrix series are virtual machines in a downloadabl...| Michael Thelen
A few weeks ago, I started the Kioptrix series of vulnerable by design challenges with Kioptrix Level 1 and Kioptrix Level 2. In this post I focus on how I solved the Kioptrix Level 3 challenge. If you want to try this challenge yourself it can be downloaded here. Tools Used Netdiscover Nmap Firefox Searchsploit Bash scripting MySQL Client John the Ripper SSH Client Sudo Enumeration: Netdiscover As the Kioptrix series are virtual machines in a downloadable and self-hosted format the machine g...| Michael Thelen
Last week I started the often recommended Kioptrix series of vulnerable by design virtual machines with Kioptrix Level 1. This week I focus on Kioptrix Level 2, the next machine in the series. If you want to try this challenge yourself it can be downloaded here. Tools Used Netdiscover Nmap Firefox Searchsploit Python SimpleHTTPServer Wget Gcc Enumeration: Netdiscover As the Kioptrix series are virtual machines in a downloadable and self-hosted format the machine gets an IP address from DHCP w...| Michael Thelen
I am a frequent visitor of several information security communities and blogs. Whenever someone asks a question along the lines of “Are there any real world vulnerable by design challenges” the Kioptrix series keeps getting mentioned. I thought I’d bite the bullet and see what the Kioptrix challenges are all about starting with Kioptrix Level 1 which can be downloaded here. Tools Used Netdiscover Nmap Searchsploit Grep Python SimpleHTTPServer Wget Gcc Enumeration: Netdiscover As the Kio...| Michael Thelen
After completing my eLearnSecurity Certified Professional Penetration Tester v4 (eCPPT) exam I wanted to keep my skills sharp and put my newly gained penetration testing knowledge to the test in a practical lab environment. While visiting the netsecstudents Reddit I found several posts discussing Virtual Hacking Labs. Virtual Hacking Labs is a young company based in the Netherlands that offers an online vulnerable by design penetration testing lab and accompanying course on penetration testin...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Valentine was a fun machine to compromise as it suffers from a very well-known vulnerability. In addition to this well-known vulnerability one needs several other puzzle pieces to gain root access. This makes the Valentine machine an interesting learning experience. Tools Used Nmap Firefox Gobuster Base64 and Hex en- and decoding Searchsploit...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Gaining system access on the Chatterbox machine is not very complex as an initial low privilege shell can be obtained through a service with a known vulnerability and publicly available exploit. Elevating privileges and gaining system access can be a bit more challenging as it requires some more advanced techniques. Tools Used Nmap Searchsplo...| Michael Thelen
No Metasploit! you told yourself, as you accepted the challenge of creating an exploit manually. Taking your time carefully preparing the exploit, will it work, will I get a shell? You run the exploit and are greeted with a reverse cmd.exe shell on the Windows victim, your excitement soon fades however as the post exploitation phase begins you need a way to transfer files. Fear not as there is a multitude of ways to transfer files to and from a Windows victim without advanced tools such as Me...| Michael Thelen
This review is about the eLearnSecurity Penetration Testing Professional v4 (PTP) course. Shortly after I completed the course and exam eLearnSecurity released the PTP v5, an update to the PTP v4 course materials. The plan comparison in this review is for the newer PTP v5 all other sections relate to the now deprecated PTP v4 course materials and exam. After completing my eLearnSecurity Junior Penetration Tester v3 (eJPT) exam I was eager to learn more about penetration testing and the penetr...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Gaining system access on the Optimum machine is not very complex as access can be obtained through several known software vulnerabilities. Because of this the Optimum machine serves as a strong reminder of the importance of timely software updates. Tools Used Nmap Firefox browser Searchsploit Python SimpleHTTPServer Ncat and Netcat Systeminfo...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. While Jeeves is not a very complex machine to compromise gaining administrative access still requires several offensive techniques that offer an interesting learning experience. Tools Used Nmap Firefox browser Gobuster Ncat and Netcat Basic Groovy scripting Basic PowerShell commands John the Ripper KeepassXC Pth-Winexe Enumeration: Nmap Runni...| Michael Thelen
Hack The Box is an online platform that hosts virtual machines that are vulnerable by design to sharpen one’s penetration testing and security skills. Bashed was a fairly easy but fun machine, it has several configuration errors that when chained together allow an attacker to fully compromise the machine and gain root access. Tools Used Nmap Firefox browser Gobuster Ncat Wget Basic shell commands Basic Python scripting Enumeration: Nmap Running an initial scan with Nmap reveals that port 80...| Michael Thelen
A review about the eLearnSecurity Penetration Testing Student v3 course and the related eLearnSecurity Junior Penetration Tester certification and exam.| isroot.nl
How I obtained root access on the Brainpan 1 virtual machine from VulnHub.| isroot.nl