Looking for a video on a specific hacking technique/tool? Check out - Searches over 100 hours of my videos to find you the exact spot in the video you are looking for.

HackTheBox Backfire was a really fun box that involved hacking two OpenSource C2's and abusing sudo with iptables[-save] to get root. I really enjoyed exploiting havoc as you had to combine two exploits to get RCE.

Just made the Wanderer Prep playlist live! It’s designed to help people get started with the Wanderer Pro Lab on Hack The Box (which I created). Even if you don’t plan on playing Wanderer, I’d still recommend checking this playlist out—it highlights a lot of the techniques I’ve.

PHP Filters are the gift that keeps on giving, it blows my mind that in PHP you can convert an FileOpen() into a File Disclosure, which includes SSRF. Essentially, you use the filter to mutate the file into something much larger so that it causes an error. Then you use another.

#HackTheBox EscapeTwo Video is now up! This is an easy Windows box that starts out with finding an MSSQL Password on a File Share and ends with taking over a user, which can then take over a certificate template (ESC4). Check it out:

If anyone is looking for something to watch, Murderbot has been surprisingly good. Apple TV always surprises me with how good their shows are.

#HackTheBox BigBang Video is up! And it shows something I didn't know was possible, getting RCE on a file_get_contents call within PHP. It is patched as of PHP 8.3.8 (~June 2024) but I'm sure there are unpatched webservers out there.

It's also not the first time just searching ippsec on issues shows a couple others, and I know there have been more.

I'm at a loss for words with how quick the netexec team puts in fixes. Video has been out for 4 hours, and @mpgn_x64 already put in a fix. Some open source communities are just flat out amazing.

When I first saw the box, I thought it was odd that it was marked hard while giving you the first set of credentials, as Active Directory is normally pretty easy. However, a lot of the paths were really well hidden from BloodHound. The foothold involves a computer that is a.

The HackTheBox Vintage video is now up! This was a Hard Assumed Breach Box that was almost 100% Active Directory, the only piece that isn't technically AD is decrypting the DPAPI Credential Store. Definitely a fun one for those AD Lovers

New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts! .

HackTheBox Administrator video is now up! This is an assumed breach box, meaning we started out with credentials. The path is primarily AD taking advantage of GenericAll to set a password and GenericWrite to set an account up for Kerberoasting:

RT @IAMERICAbooted: If you have valid user creds and you know the victim uses Confluence and SSO, but M365 requires MFA, you can use those….

#HackTheBox LinkVortex video is up! An easy box that starts off with discovering a .git dir, which contains a cached file with a cred, that leads to exploiting an outdated version of blogging software. Root is a bash script which we exploit 3 diff ways

Device Code Auth is certainly a phish I could see myself falling for, as it blends in with a regular meeting invite and doesn't require entering my password. If you don't know what a Device Code Phish is, check out this video @odiesec and I did.

Anyways, let me know what you think. Comments will help me make the rest of the series better -- And if you need more explanations of the basic, I'm happy to do an episode 0 to serve as a better introduction to golang.

As I say in the intro, the code here is what I would consider most beginners write. That is by design, as I hope you all can understand it. When we add more advanced concepts, it helps you relate to them better, which should help retention.

After using Python for so long, I've been trying to switch to GoLang over the last two years just to try something new. I'm finally somewhat confident in being able to write I'd try to create a video series to help others. This is the first video:

#HackTheBox Ghost is up! This box feels like you are attacking a small network. Some things we will exploit: LDAP Injection, Rust Webserver, AD Federation, MSSQL Linked Databases, and escalating from a child -> Parent domain via bi-directional trust.

#HackTheBox MonitorsThree is up! The root of this box features exploiting backup software to create and restore a malicious backup. There's also a pretty good example of when to use error based SQL injection as part of getting a foothold on the box.