The training websites
Where to go to practice your skills| mh4ckt3mh4ckt1c4s' blog
Context For designing and teaching computer science labs, one need to allow students to be able to start easily, while ensuring that the lab is doable the same way by everyone, and facilitating the troubleshooting by the teacher. Between the labs I have been taught and the ones I taught myself, I witnessed several ways of distributing lab environments to students, each way with its ups and downs. The easiest is to just ask the students to install the necessary tools and software, either on th...| Welcome ! on mh4ckt3mh4ckt1c4s' blog
This challenge is dealing with a vulnerable Kubernetes node on which is installed Ansible (AWX). Challenge info : We have located Monkey Business operator blog where they are leaking personal informations. We would like you to break into their system and figure out a way to gain full control. Recon The challenge info does not really any useful tips, so we start with a scan with nmap : # Nmap 7.92 scan initiated Sat Jul 16 12:37:01 2022 as: nmap -v -p- -sC -A -T4 -oA scan 10.129.188.134Nmap sc...| Welcome ! on mh4ckt3mh4ckt1c4s' blog
This challenge is shining a light on different AWS solutions working together in order to create a functional website. It is in my opinion very interesting to see how the cloud technologies are replacing the standard websites and servers, and what possible misconfigurations and security risks this shifting create. Challenge info : With increasing breaches there has been equal increased demand for exploits and compromised hosts. Dark APT group has released an online store to sell such digital ...| Welcome ! on mh4ckt3mh4ckt1c4s' blog
This challenge is on AWS and one of its products, Lambda. It allowed me to go deeper into the AWS CLI and how to manipulate it to gain access on cloud infrastructures. Challenge info : One of the local shops in your city is realising new costumes. Go grab them before they run out as the available stock is very limited. Recon Unlike the first one, we don’t immediately know what kind of cloud we’re dealing with. Let’s enumerate with nmap :| Welcome ! on mh4ckt3mh4ckt1c4s' blog
This challenge is a very interesting one on Kubernetes. Even if it is not that hard, it made me practice and learn more about the inner workings of Kubernetes, its various components and how to exploit them. Challenge info : We've installed our Kubernetes cluster inside a steam powered computer, however there's a lot of smoke, therefore we think a bolt is missing. Could you please investigate? Recon The cloud is a category who is beginning to be more and more popular in CTFs. I really didn’...| Welcome ! on mh4ckt3mh4ckt1c4s' blog
I tested many OSes before choosing to try Archlinux : my main goal then was to learn the inner workings of an OS and the interactions between the many components by installing and configuring them one by one. After a few months trying (and configuring) it, I really loved it, and now I’m using Arch as my OS. I’m listing here all the components I assembled in order to create myself a fully functional and custom OS.| Welcome ! on mh4ckt3mh4ckt1c4s' blog
Blog posts Here you’ll be able to find all the blog posts about anything and everything I’m doing, e.g. CTF writeups, links list, tutorials, feedbacks…| mh4ckt3mh4ckt1c4s' blog
What happened, and an investigation of the malware| mh4ckt3mh4ckt1c4s' blog
