0xd4y

0xd4y

Senior Penetration Tester | Red Teamer | Global Top 0.1% at TryHackMe and HackTheBox

┌─[0xd4y@Writeup]─[/root/Writeups]
└──╼
$
bash ~/welcome.sh



PwnedLabs (GCP) - SSRF with Gopher

PwnedLabs (GCP) - SSRF with Gopher

The second video in the GCP series in which the threat actor must leverage an SSRF vulnerability to exploit a misconfigured application. The application supports the gopher protocol which can be abused to query the metadata service.

in
PwnedLabs (GCP) - Hidden Files

PwnedLabs (GCP) - Hidden Files

The first video in the GCP series features a scenario where participants are provided with a URL leading to a misconfigured storage bucket serving image files, prompting them to fuzz potential files, discover a backup zip file due to the entity being set to "Public" with "allUsers" granted Reader access, and completing the challenge by decrypting the zip file.

in
CRTE Notes

CRTE Notes

Notes I wrote while studying for the CRTE course and fully compromising the lab.

in
CRTP Notes

CRTP Notes

Notes I wrote while studying for the CRTP course and fully compromising the lab.

in
Active Directory Pentesting Notes

Active Directory Pentesting Notes

Active Directory notes I made while going through TryHackMe material and doing some additional research.

in
Hacking in the Cloud - rce_web_app

Hacking in the Cloud - rce_web_app

The objective of this scenario was to gain access to an RDS instance. We were provided with the credentials of two different users, and exploited this AWS environment in two different ways.

in
Wi-Fi Pentesting Notes

Wi-Fi Pentesting Notes

Notes I wrote while watching Wi-Fi pentesting videos by Vivek Ramachandran from Pentester Academy.

in
Hacking in the Cloud - ecs_takeover

Hacking in the Cloud - ecs_takeover

We gain access to the targeted AWS account by finding an SSRF and RCE vulnerability on an AWS-hosted webapp. We then pivot to other containers and use the metdata credentialso f both the compromised EC2 instance and other docker containers to obtain elevated access within the AWS workload.

in