Why is privacy important

• “You might not have anything to hide, my friend. But you have everything to protect.” — Mikko Hypponen
• “Arguing that you don’t care about the right to privacy because you have nothing to hide, is no different than saying you don’t care about free speech because you have nothing to say” — Edward Snowden

Cleanup

• Remove bloatware
• Remove unused programs
• Only install software that is needed
• Deleting old messages
• Delete call history
• Remove unused files
• Move sensitive files into external drives
• Clear Browser Data: Cookies, Cache (Activate auto delete)
• Disable Data Collection in Settings
• Delete Data Collected, e.g.: Google My Activity
• …

Cybersecurity skills are quite in demand. With all the hacking going on, like the Colonial Pipeline Attack or the recent Kaseya supply chain compromise, Cybersecurity skills are very valuable. But getting first started in Cybersecurity is not very easy. If you are interested in IT Security and ask yourself the following questions, then this blog post is exactly for you:

• How do I get started?
• How can I get hands-on experience?
• Which skills should I learn?

As you have probably already seen on my blog, I post CTF WriteUps. Security CTFs (Capture the flags) are one of the best ways…

This challenge is from Blue Team Labs Online. Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. The damage caused was critical and resulted in business-wide disruption. GothamLegend had to reach out to a third-party incident response team to assist with the investigation. You are a member of the IR team — all you have is an encoded Powershell script. Can you decode it and identify what malware is responsible for this attack?

After unzipping the file, we get two text files:

The ps_scipt.txt file contains the malicious powershell…

VulnNet: Internal is a boot2root room on TryHackMe. It has Easy difficulty. After getting the Redis password from NFS, it was possible to get the password for Rsync. With that password it was possible to upload a authorized_keys file. After connecting to the machine over SSH, there was a Teamcity instance running behind the firewall. The Teamcity port was forwarded to the attacker machine. This allowed connecting to the instance. Login was possible with authentication keys, which could be obtained through logs. After loggin into Teamcity, a malicious build pipeline was created. This pipeline has set the SUID bit on…

Cat Pictures is a boot2root room on TryHackMe. It has Easy difficulty. Initial access on the machine has been done over a custom shell and port. Later an SSH key could be acquired. After the SSH connection, we have root rights inside a Docker container. Escaping from that container was possible due to a writeable script inside the container, which was run in a cronjob outside the container.

Enumeration

Starting with a full port scan shows that an HTTP Server is running on port 8080.

sudo nmap 10.10.16.67 -p- -oN nmap/all_ports

# Nmap 7.91 scan initiated Sun Jun 20 13:15:28 2021 as…

Description

Glitch is a room on TryHackMe. It has “Easy” difficulty. Initial foothold on the machine could be obtained by a remote code execution flaw in the API. Privilege escalation to root could be accomplished by reused credentials that were stored inside a Firefox profile.

Enumeration

The enumeration started with Nmap. It revealed that Nginx was running on port 80.

Description

Wreath is a network on TryHackMe. The network contains one public facing web server and two other clients inside the internal network. The goal was to perform a penetration test against this network and write a report. Initial foothold inside the network was done by exploiting a vulnerable Webmin version. After that the attacker could pivot to another server, that was running a vulnerable version of GitStack. From there the developer machine could be compromised by exploiting a unrestricted file upload vulnerability. On the developer machine, the privilege escalation to SYSTEM has been done by abusing an unquoted service path.

…

Description

“UltraTech” is a boot2root machine on TryHackMe. It has intermediate difficulty. You have been contracted by UltraTech to pentest their infrastructure. It is a grey-box kind of assessment, the only information you have is the company’s name and their server’s IP address.

Initial access to the machine could be obtained through a command injection vulnerability in the API. After that credentials could be dumped from a SQLITE database file. The hashed passwords could be cracked. The credentials were used to escalate privileges to another user on the box. The user was inside the docker group. …