Introduction

Hello! I am currently working as a penetration tester, and I have earned my OSCP, OSEP, and OSWE certifications. I'm currently working on the OSED course materials in my final course while working towards the OSCE^3.

I try to keep pretty thorough and sanitized notes as I work through different training courses, CTF's, and machines on platforms like Hack The Box. I publish these notes, when allowed, in the hope that they can help somebody understand a task or technique they're struggling with.

Table of Contents

CTF Writeups

FireEye

• FlareOn 2020
  • fiddler
  • garbage
  • wednesday
  • report

Hack The Box

• HTB Boxes
  • SwagShop
  • Postman
  • Traverxec
  • OpenAdmin
  • Resolute
  • Sauna
  • Remote
  • Traceback
  • Blunder
  • Admirer
  • Tabby
  • Cascade
  • Magic
  • Cache
  • Buff
  • Fuse
  • SneakyMailer
  • Quick
  • OpenKeys
  • Worker
  • Omni
  • Passage
  • Blackfield
  • Unbalanced
  • Feline
  • Lame
  • Legacy
  • Brainfuck
  • Blue
  • Bashed
  • Devel
  • Shocker
  • Optimum
  • Nibbles
  • Granny
  • Beep
  • Bastard
  • Cronos
  • Silo
  • Nineveh
  • Arctic
  • Grandpa
  • Sense
  • SolidState
  • Bounty
  • Node
  • Jerry
  • Valentine
  • Conceal
  • Poison
  • Sunday
  • Chatterbox
  • Forest
  • TartarSauce
  • Blocky
  • Mirai
  • Frolic
  • Irked
  • FriendZone
  • Bastion
  • Writeup
  • Networked
  • Servmon
  • Popcorn
  • Haircut
  • Active
  • SecNotes
  • Jarvis
  • Mango
  • Doctor
  • BankRobber
  • Bank
• HTB Challenges
  • Crypto
    • Templed
    • Weak RSA
  • Reversing
    • Find the Easy Pass
  • Forensics
    • Marshal in the Middle
    • Illumination (Owned/Active)
    • Took The Byte
    • USB_Ripper
• HTB CTFs
  • Cyber Apocalypse 2021
    • Crypto Challenges
      • Nintendo Base64
    • Forensics Challenges
      • Key Mission
    • Reversing Challenges
      • Authenticator
      • Passphrase
    • Warmup
      • Welcome!

MetaCTF

• CyberGames 2021
  • Binary Exploitation
    • Simple Format
  • Cryptography
    • A to Z
    • Thnks fr th Pwds
    • Wrong Way
    • Unbreakable Encryption
  • Forensics
    • Magic in the Hex
    • My Logs Know What You Did
    • I Just Wanna Run
    • Sharing Files and Passwords
    • Still Believe in Magic?
    • Et tu, Hacker?
    • Easy as it (TCP) Streams
    • Pattern of Life
  • Other
    • Flag Format
    • This Ain't a Scene, It's an Encryption Race
    • Interception 1
    • Interception 2
    • Interception 3
  • Reconnaissance
    • Sugar, We're Goin Up
    • The Best Laid Plans...
    • Who Broke The Printer This Time?
    • Who owns the cloud?
    • Where in the World?
    • The Searcher
    • I want my files back!
    • Mystery C2 Server
    • Where's Vedder
  • Reverse Engineering
    • Strings
    • Source Code Shipping
  • Web Exploitation
    • Under Inspection
    • Yummy Vegetables

Offensive Security

• PG: Practice
• PG: Play

SANS

• KringleCon 2020
  • 1F: Staging
    • Objective 1
  • 1F: Castle Approach
    • Task: Unescape Tmux
    • Task: KringleCon Kiosk
    • Objective 2
  • 1F: Entry
    • Objective 4
    • Objective 5
  • 1F: Great Room
  • 1F: Kitchen
    • Task: 33.6kbps
    • Task: Redis Bughunt
  • 1F: Dining Room
    • Task: The ELF Code
  • 1F: Courtyard
    • Task: Linux Primer
    • Objective 3
  • 1.5F: Workshop
    • Task: Sort-O-Matic
  • 1.5F: Wrapping Room
  • 2F: Talks Lobby
    • Task: Speaker UNPrep
  • 2F: Speaker UNPrepardness Room
    • Terminal: Snowball Game
• Hackfest 2021
  • Router Pwn
  • NFT Baby
  • Teenage Mutant Ninja Squirtle
  • Printer
  • One Shots
  • Cat Hacked
  • SkyDash
  • Taskist-Pro
  • Ransom Inc
• KringleCon 2021
  • Booths
  • Talks
  • Objectives
    • KringleCon Orientation
    • Where In The World Is Caramel Santaigo?
    • Thaw Frost Towers Entrance
    • Slot Machine Investigation
    • Strange USB Device
    • Shellcode Primer
    • Printer Exploitation
    • Kerberoasting On An Open Fire
    • Splunk
    • Now Hiring
    • Customer Complaint Analysis
    • Frost Tower Website Checkup
    • FPGA Programming
  • Terminals
    • Open The Gate
    • Document Analysis
    • Grepping for Gold
    • Logic Munchers
    • IPv6 Sandbox
    • HoHo No
    • Yara Analysis
    • IMDS Exploration
    • ELF Code Python
    • Strace Ltrace Retrace
    • Frostavator
    • Holiday Hero
• KringleCon 2022
  • Areas
    • Staging
    • North Pole
    • Underground
    • Hall of Talks
    • Tolkien Ring
    • Elfen Ring
    • Elf House
    • Web Ring
    • Fountain
    • Cloud Ring
    • Burning Ring of Fire
    • Entry Room
  • Terminals
    • Wireshark Phising
    • Windows Event Logs
    • Suricata Regatta
    • Clone with a Difference
    • Prison Escape
    • Jolly CI/CD
    • Naughty IP
    • Credential Mining
    • 404 FTW
    • IMDS, XXE, and Other Abbreviations
    • Open Boria Mine Door
    • Glamtariel's Fountain
    • AWS CLI Intro
    • Trufflehog Search
    • Exploitation via AWS CLI
    • Buy a Hat
    • Blockchain Divination
    • Exploit a Smart Contract
• KringleCon 2023
  • Christmas Island
• Offensive Operations CTF 2024
  • Baby Rop
  • Bad Fish
  • Duck Hunter
  • Ghibli Store
  • Hippity Hoppity
  • In Between the Lines
  • JavaScript
  • Taskist
  • Warmup Pwn

Offensive Reference Notes

General Notes

• General Notes
• OSINT
• Target Enumeration
• File Transfers
• Windows CLI
• Port Forwarding
• Compiling Code
• Hashes & Passwords
• Helpful Python Methods

Shells

• Upgrading Shells
• Embedding Shells
• One-Liners
• Web Shells
• msfvenom
• AV Evasion
• Meterpreter

Kernel Exploits

• Eternal Blue
• Juicy Potato
• Equation Group Leaks

Network Services

• Apple Remote Desktop
• HTTP
• Java (JVM)
• Kerberos
• LDAP
• Redis
• RDP
• RPC
• rsync
• SCCM
• SQL
• SSH
• Telnet
• VNC
• |WinRM
• WMI
• Xorg

Client Side Attacks

• MS Office
• PS Download Cradles
• PS Shell Scripts
• HTML Smuggling
• Windows Script Host
• C# Shellcode

Privilege Escalation

• Linux
• Windows

Post-Exploitation

• Windows

Active Directory

• General Notes
• BloodHound Queries

Exploit Development

• Using WinDbg