The aim of this little experiment was to utilise XLS 4.0 macros to deliver a covenant stager, I have been working on numerous initial delivery mechanisms for C2 frameworks and have been spending time working through malicious macro development and pulling inspiration from current maldoc analysis. There are numerous posts on using XLS 4.0 macros … Continue reading XLS 4.0 Macros and Covenant
Haystack was a fun easy box over on HTB. Although perhaps only easy if you were at least aware of the tech stack being used on the machine. The initial path to user is perhaps not realistic but a fun mix of steg and research into elasticsearch in order to get credentials. This if then … Continue reading HTB – Haystack Writeup
I have been toying around within my test environment now for a few weeks preparing some payloads and getting to grips with AV evasion. Moving from test and CTF environments to live protected environments, it was the first thing I had to overcome to get anything I know working. I have managed to get quite … Continue reading Windows AV Tips N Tricks.
EDIT: Got my results! 11th September, took around 12 days to arrive but worth the wait! I passed! Late edit as I was away on holiday. But back to the grind tomorrow, will keep you all posted! Its been around 2 weeks now since I took my exam for OSCP. I still haven't had the … Continue reading Post PwK, now what…
Soooo completed my exam at the start of the week. Wow. What a mad 24 hours. I had a power cut, webcam overheating issues which caused a few minor heart attacks but I got there! I completed 4 out 5 machines with a potential final tally of 95 points. So here is a quick little … Continue reading Exam v1.0 Complete.
tl;dr - Just a short one this week. Prep is going as normal. Just repetition, repetition. No blog post next week till after the exam. See you all on the other side! One week to go... one week till the exam. I have everything pretty ready I am running through machines in the lab and … Continue reading One week till exam.
tl;dr - 1 box left in the public network. Domain admin feels good. Still an exam fearing mutha. Tightening the screws and working on speed of enumeration, VM preperataion and cheatsheet production. So another week has flown by. Feels like I'm writing these posts every day! Pretty productive week this week. Feeling a bit more … Continue reading Week 5, all your domain are belong to us.
tl;dr - Beat humble, feeling lazy. Ready to get back into the labs, HTB and some useful links. 20 days till exam. When do I start panicking? A Monday post instead today, had a pretty off weekend busy with work and just relaxing a bit. Started the previous week with humble rooted however! That got … Continue reading Week 4. Humble Down.
Week 3 has been a hard one. Not so much due to the course but more down to me. Its been pretty hard to maintain this level of activity in the lab for 3 weeks straight. Working till 11pm most nights and cramming in work as well, started to take its toll a bit. Motivation … Continue reading Week 3. Keep on slogging.
tl;dr - Don't over complicate, Keep it simple stupid. READ, DIGEST and ASSESS EVERYTHING! 36 days till exam, oh crap. What a week. Week one seemed pretty easy compared to this week. It has been hard going, I am up to 21 rooted boxes so far. All material completed and the lab machine write up … Continue reading Week 2. Try Harder.