CRTP Notes
Notes I wrote while studying for the CRTP course and fully compromising the lab.
0xd4y
Penetration Tester | Security Engineer | Global Top 0.1% at TryHackMe and HackTheBox
┌─[0xd4y@Writeup]─[/root/Writeups]
└──╼ $
└──╼ $
bash ~/welcome.sh
On this page you can find my written reports, notes, and videos on my YouTube channel. You can search for videos and writeups by using the search feature located at the top right of the webpage.
Active Directory Pentesting Notes
Active Directory notes I made while going through TryHackMe material and doing some additional research.
Hacking in the Cloud - rce_web_app
The objective of this scenario was to gain access to an RDS instance. We were provided with the credentials of two different users, and exploited this AWS environment in two different ways.
Wi-Fi Pentesting Notes
Notes I wrote while watching Wi-Fi pentesting videos by Vivek Ramachandran from Pentester Academy.
Hacking in the Cloud - ecs_takeover
We gain access to the targeted AWS account by finding an SSRF and RCE vulnerability on an AWS-hosted webapp. We then pivot to other containers and use the metdata credentialso f both the compromised EC2 instance and other docker containers to obtain elevated access within the AWS workload.
Hacking in the Cloud - ec2_ssrf
As a low-privileged user, we compromised multiple other users and moved laterally within the environment. We then found a vulnerable EC2 instance which, when exploited, revealed the credentials for the role of the instance profile, which contained permissions to list and download credentials from a confidential S3 bucket.
Hacking in the Cloud - iam_privesc_by_attachment
We start off as a fairly high-privileged user who can perform multiple IAM and EC2 API calls. Using these permissions, it was possible to obtain full control over the AWS account by creating an EC2 instance with a high-privileged instance profile.
Hacking in the Cloud - cloud_breach_s3
In this video we compromise an EC2 instance's metadata service, obtain credentials that result in exfiltrating sensitive data, and we do all of this while being completely undetected!
