In the third part of the Linux Detection Engineering series, I explore the world of more advanced Linux persistence techniques. This part builds upon the knowledge obtained from the previous persistence blog dubbed "Linux Detection Engineering - A Primer on Persistence Mechanisms". This sequel aims to equip …

Read More

In this second installment of the Linux Detection Engineering series, I delve into Linux persistence mechanisms, exploring both common and complex techniques to enhance the knowledge of defenders and security researchers. I examine how these persistence methods operate, how to set them up, and most importantly, how to …

Read More

In this article, I explore how to effectively use Auditd and Auditd Manager for detection engineering. I’ll demonstrate Auditd's powerful features, guide you through the setup process, and show you how to create and modify rules to capture specific behaviors. You'll also learn how to interpret the logs and discover how …

Read More

This research delves into large-scale malware analysis conducted by Elastic Security Labs, highlighting how Elastic ingest pipelines were used to filter out benign and duplicate data during dynamic malware analysis. By leveraging these pipelines, we efficiently managed vast datasets, enabling us to focus on identifying …

Read More

Welcome back! Today we are going to solve the Timelapse machine from Hack The Box. Timelapse is an easy box which focuses on accesible SMB shares and a lot of hash cracking to get the initial foothold. We then find configuration files that allow us to login to the system as the administrator user. Foothold Let's start …

Read More

Today we will be taking a look at the medium box "Undetected" from Hack The Box. The foothold for the box can be found through a vulnerable php script in a directory that should not be world accessible. The script allows for remote code execution onto the box as the www-data user. We then escalate to user by …

Read More

This blog post will cover server-side request forgery (SSRF) attacks. Along the way we will be covering what a SSRF is, take a look at the basics of a SSRF attack, discuss several more advanced SSRF attacks and learn about the ways to prevent your web application of being vulnerable to these types of attacks. While …

Read More

Welcome to my Hack The Box walkthrough for the "Meta" box. The box is considered to be of medium difficulty. Meta requires you to perform DNS virtual host enumeration, identify the inner workings of an image upload functionality, and exploit this to get a foothold. We then find a vulnerable version of …

Read More

Today we will be taking a look at Timing from Hack the Box. Timing is considered to be of medium difficulty, and requires the usage of a local file inclusion to eventually find credentials for the box. We then find an application that we can run with sudo permissions, and misuse it to gain root access. Foothold Let's …

Read More

In the fourth post regarding web application security, we will be diving into OS command injection or shell injection attacks. We will be covering what command injection is, what different types of command injection attacks exist and how to prevent command injection vulnerabilities within your own web applications. …

Read More