February 20, 2025
Building a Penetration Testing Dropbox with Raspberry Pi and OpenVPN
As an internal penetration tester, one of the most important aspects of the job is to be able to set up testing infrastructure for remote penetration tests without requiring too much effort from your clients or local IT department. There seem to be thousands of approaches and an unlimited number of blog posts online talking about different ways to achieve this objective. The one that seemed the most useful to me was using a public VPN server to connect my workstation with a so-called “dropbox” in the target’s internal network.
December 24, 2024
Stepping into the world of OT Penetration Testing with Alchemy
After having completed all the previous Pro Labs, I was extraordinarily excited when HackTheBox announced their newest training lab Alchemy. Although originally exclusive to enterprise users, the lab was released to the public a few months later. This blog post contains an introduction to the world of operational technology, a review of the Alchemy Pro Lab and an overview of the things I learned while solving it.
July 29, 2024
Metamorphic Malware
Metamorphic or self-modifying code is an advanced technique used by virus and malware authors which enables their malicious program to rewrite itself in a way that the code remains functionally equivalent but looks different each time it is executed. This characteristic prevents antivirus software from detecting the malware using static signatures and makes reverse engineering more difficult.
January 27, 2024
High-Level Red Team Training: Cybernetics & APTLabs Review
A few months ago, I published a blog post where I reviewed the first three HackTheBox Pro Labs that I completed in summer 2023: Offshore, RastaLabs and Zephyr. Over the winter months of this year, I took on the challenge to complete the two remaining advanced labs: Cybernetics and APTLabs. They are both rated as highly challenging, realistic and modern training environments for red team operators and penetration testers.
October 10, 2023
Kerberos Authentication Protocol
The Kerberos protocol provides a single-sign-on (SSO) mutual authentication solution for insecure networks or hosts, where clients and servers verify each other's identity based on symmetric-key cryptography and a ticket-based authentication system. Most commonly used in Windows Active Directory environments, a user only has to enter their password once to be able to access a multitude of servers, shares or other resources, while the password is never directly sent across the network, unlike in less secure alternatives like NTLM.
September 7, 2023
Intermediary-Level Red Team Training: Offshore, RastaLabs & Zephyr Review
During the summer months of July and August of 2023, I had the opportunity to complete three of the six buyable HackTheBox Pro Lab certifications: Offshore, a Penetration Tester Level 3 lab, as well as RastaLabs and Zephyr, both of which are Red Team Operator Level 1 certifications.