ippsec
@ippsec
Followers: 121K | Following: 1K | Media: 612 | Statuses: 5K
Looking for a video on a specific hacking technique/tool? Check out https://t.co/yqxaZuwoyu - Searches over 100 hours of my videos to find you the exact spot in the video you are looking for.
#HackTheBox RustyKey is now up! This box did a nice job showcasing a variety of Windows Exploitation. It starts w/TimeRoasting a computer account, which leads to a compromise of 2 sets of credentials. Then we perform COM Hijacking & ends w/ a delegation
If you're using writeups to learn how to hack on HackTheBox (or other CTFs), use AI as a tutor. In this video I'll show a free prompt to use, as well as a Claude Skill I developed. https://t.co/5PfEhDNPrb
HackTheBox Voleur video is now up! This box really felt like a pentest with the hopping through multiple support groups. It's also pretty cool to see boxes helping improve open source tools like NetExec, there's a "tombstone" PR adding functionality. https://t.co/ZiRDJHnsSM
HackTheBox Backfire was a really fun box that involved hacking two open source C2s and abusing sudo with iptables[-save] to get root. I really enjoyed exploiting Havoc as you had to combine two exploits to get RCE. https://t.co/7Jb4uvzxmw
Just made the Wanderer Prep playlist live! It’s designed to help people get started with the Wanderer Pro Lab on Hack The Box (which I created). Even if you don’t plan on playing Wanderer, I’d still recommend checking this playlist out—it highlights a lot of the techniques I’ve
youtube.com
This playlist covers a lot of topics that are in the Wanderer ProLab I created for Hack The Box
PHP Filters are the gift that keeps on giving, it blows my mind that in PHP you can convert a FileOpen() into a File Disclosure, which includes SSRF. Essentially, you use the filter to mutate the file into something much larger so that it causes an error. Then you use another
#HackTheBox EscapeTwo Video is now up! This is an easy Windows box that starts out with finding an MSSQL Password on a File Share and ends with taking over a user, which can then take over a certificate template (ESC4). Check it out:
If anyone is looking for something to watch, Murderbot has been surprisingly good. Apple TV always surprises me with how good their shows are.
#HackTheBox BigBang Video is up! And it shows something I didn't know was possible, getting RCE on a file_get_contents call within PHP. It is patched as of PHP 8.3.8 (~June 2024) but I'm sure there are unpatched webservers out there. https://t.co/gmZEsAEfmH
It's also not the first time just searching ippsec on issues shows a couple others, and I know there have been more.
I'm at a loss for words with how quick the netexec team puts in fixes. Video has been out for 4 hours, and @mpgn_x64 already put in a fix. Some open source communities are just flat out amazing. https://t.co/D9IGz5VCEE
github.com
Description Some improvement regarding the usage of nxc against vintage box Add a new option to generate TGT from nxc and avoid getTGT Allow dump gmsa from LDAP and LDAPS Fix big stacktrace on win...
The HackTheBox Vintage video is now up! This was a Hard Assumed Breach Box that was almost 100% Active Directory, the only piece that isn't technically AD is decrypting the DPAPI Credential Store. Definitely a fun one for those AD Lovers
When I first saw the box, I thought it was odd that it was marked hard while giving you the first set of credentials, as Active Directory is normally pretty easy. However, a lot of the paths were really well hidden from BloodHound. The foothold involves a computer that is a
New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts! https://t.co/Gp9GmEeuV1
HackTheBox Administrator video is now up! This is an assumed breach box, meaning we started out with credentials. The path is primarily AD taking advantage of GenericAll to set a password and GenericWrite to set an account up for Kerberoasting:
If you have valid user creds and you know the victim uses Confluence and SSO, but M365 requires MFA, you can use those credentials to see if you can trigger an SP-Initiated SAML authentication to retrieve an SSO token. It's more complex, but, did this on a red team once.
Device Code Auth is certainly a phish I could see myself falling for, as it blends in with a regular meeting invite and doesn't require entering my password. If you don't know what a Device Code Phish is, check out this video @odiesec and I did.
#HackTheBox LinkVortex video is up! An easy box that starts off with discovering a .git dir, which contains a cached file with a cred, that leads to exploiting an outdated version of blogging software. Root is a bash script which we exploit 3 diff ways
Anyways, let me know what you think. Comments will help me make the rest of the series better -- And if you need more explanations of the basics, I'm happy to do an episode 0 to serve as a better introduction to golang.
As I say in the intro, the code here is what I would consider most beginners write. That is by design, as I hope you all can understand it. When we add more advanced concepts, it helps you relate to them better, which should help retention.