Going from WordPress to Hugo and GitHub Actions!

I finally did it! After years of thinking about it, I finally migrated my WordPress website to a static website! It was painful, but I am really happy I did it. Why change? I got fed up with WordPress being full of “stuff”, loading a webpage took ages (well, seconds…, but still too much) while my content is mostly text and a few small images. Moreover, I wanted to be able to write my posts using Markdown.

HTB - NetMon without MetaSploit

Intro An easy box according to HTB ranking and a not so easy one according to this site. For me, it was really painful. Let me overshare! Target HTB - NetMon Recon Quick recon based on HTB logo and info: Windows box; Misc info: web, PowerShell, file misconfiguration; Probably runs PRTG Network Monitor tool. Enum sudo nmap -T4 -A -p- -oA nmap $target_ip Starting Nmap 7.

THM - Alfred

Intro Without further ado, let’s get started and see what this box is made of! Target THM - Alfred Recon From the box logo and description we can discover that: Target runs Windows; Target runs Jenkins. Let’s go! Enum Let’s start a basic nmap scan: sudo nmap -T4 -A -p- -oA nmap $target_ip Unfortunately, nmap will complain that Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn.

HTB - OpenAdmin without MetaSploit

Intro The importance of also patching your “applications”, and not just your services. Target HTB - OpenAdmin Recon Again, this is an HTB box, so recon is mainly active, and I feel like active recon == enum. Still, we can check: Name of the box: OpenAdmin; OS “type”: Linux; Hints given on HTB website, information section: Enum As always, we start with an nmap scan:

HTB - Blue without MetaSploit

Intro A good ol' vuln to get started! This will be my first real tutorial, so I’ll try to explain the basics of what I am doing. Please bear in mind that I am very new to hacking, probably like you are. I am merely sharing my knowledge and by doing so I am making sure I understood what I did. Please correct me if you find anything wrong, or ask questions if you need to!

Starting my hacking journey, hopefully!

It’s been a while since I wrote here, hopefully I will be able to write more often and hopefully too I will be able to finally get into hacking properly. Bosom buddies I have been interested in InfoSec for many years. It mostly started a bit more than 10 years ago when I was reading a lot about pentesting: Kali was called BackTrack then, I played a lot with it and MetaSploit.

Hello FastMail, Goodbye ProtonMail

After a bit more than a year using ProtonMail, I couldn’t bear it anymore… I was really pissed by its lack of “usability”. Even though I had almost 1 year left, I made the switch to FastMail, and I couldn’t have been happier. Let me explain. ProtonMail isn’t bad… However, there are a few issues that, over time, really grew on me. First and foremost, the non-standard protocols! ProtonMail doesn’t use IMAP(s)/SMTP(s).

Manage VMware snapshots with PowerCLI

Manually taking a snapshot under VMware is easy: connect to the HTML5 Web UI, find the server from the list, right click, select Snapshot, Name it… However, when you have to do it several times in a row, it becomes really frustrating. Let’s see how to improve that. Here comes PowerCLI VMware released an awesome (and I am a Linux guy) tool to manage your virtual machines from the command line.

Install GLPI on Ubuntu 18.04 with MariaDB and NGinX

GLPI is an asset management software. It can handle automatic inventory of your assets (workstations, servers, printers, etc.), ticketing, and much more. Let’s see how to install it under Ubuntu with MariaDB and NGinX. Prepare your system Simply install the requirements: sudo apt install nginx php7.0-fpm mariadb-server php7.0-curl php7.0-gd php7.0-mysql php7.0-cli php7.0-imap php7.0-ldap php7.0-apcu php7.0-xmlrpc php7.0-mbstring php7.0-xml php7.0-xmlrpc Create the self-signed certificates: cd /etc/ssl/certs sudo openssl req -x509 -newkey rsa:4096 -keyout private/gpli.

Automagically deploy apps with GPO and Boxstarter

A few days ago, I talked about Ninite, which is an awesome tool to deploy several Windows apps easily. However, if you want to use it on a Windows domain (likely in your company), you’ll have to get the Pro (and paid) version. Hopefully, with BoxStarter, you can do it for free. Let me show you how I do it. Let’s do some scripting! In my case, I want all my users to have the same “base apps” installed on their systems.