Donald Ashdown
Hack the Box - Investigation (Medium)
Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...
top of page
Cyber Blog​
Search
Donald Ashdown
- May 7
Docker - Analyzing Images Offline
Summary Docker images offer many benefits, they can also present challenges for developers and security professionals who need to...
Donald Ashdown
- May 7
Docker Registry Enumeration
Enumerating Docker Registries
Donald Ashdown
- May 7
Docker 101
Docker containers are like book chapters while VM's are the entire book.
Donald Ashdown
- May 3
Hack the Box - MetaTwo
Engagement Flow Summary This was an amazing lab with a narrow attack surface requiring many steps. The initial portion of the user phase...
Donald Ashdown
- Nov 2, 2022
Hack the Box - Trick
Enumeration Summary This machine initially required subdomain enumeration which opened the door for a new attack surface that was...
Donald Ashdown
- Oct 12, 2022
Linux Hard Disk/Drive - Reference
Hard Disk Layout du -h --max-depth=1 - Total space taken by each directory du -h --max-depth=1 /usr - Total space taken up individually...
Donald Ashdown
- Oct 9, 2022
Hack the Box - Late
Engagement flow Enumeration We start off with a standard enumeration phase where we have a narrow attack surface. We know this will...
Donald Ashdown
- Aug 17, 2022
Try Hack Me - Greenbone GVM and OpenVas
Task 1 - Introduction The first task is fairly simple so I will elaborate on OpenVas. The OpenVas project was born in 2005 when the...
Donald Ashdown
- Aug 13, 2022
Python Poetry - Packaging and dependency management made easy
References: https://python-poetry.org/ https://github.com/python-poetry/poetry https://python-poetry.org/docs/...
Donald Ashdown
- Aug 12, 2022
Greenbone Vulnerability Management Scanner - New Notus Scanner
References https://www.greenbone.net/en/notus/ https://www.greenbone.net/en/new-vulnerability-scanner-notus/ https://www.greenbone.net/en...
Donald Ashdown
- Jul 6, 2022
Hack the Box Router Space
Engagement flow Enumeration Port discovery Web enumeration apk download Browsing to the website we see options for a download and a get...
Donald Ashdown
- Jul 6, 2022
Hack the Box - Undetected
PHP, RCE, Reversing, File System, Forensics, Attacks/Weak Password, Attacks/Backdoor
Donald Ashdown
- Jun 20, 2022
Hack the Box - Paper
#Wordpress #CMSExploit #LFI
#CVE
Donald Ashdown
- Jun 19, 2022
Boss of the Soc - Splunk
Pre-amble The focus of this hands on lab will be an APT scenario and a ransomware scenario. You assume the persona of Alice Bluebird, the...
Donald Ashdown
- Jun 14, 2022
Tenable CTF 2022 - Forensics
These are my writeups for the tenable CTF Forensic category. This challenge presents us with a pdf document containing redacted...
Donald Ashdown
- Jun 11, 2022
Google CTF - Beginner Quest Part 1
Welcome Google will run the 2021 CTF competition in two parts: an online jeopardy-CTF competition, and second contest open only to the...
Donald Ashdown
- Jun 11, 2022
Hack the Box - Meta
Topics: Python, CVE, Sudo Exploitation, sub domain enumeration, Exiftool, file upload, ssh keys, pspy, custom script, image magick,
Donald Ashdown
- May 28, 2022
Hack the Box - Pandora
#PHP #CMS Exploit #SQLi #CVE #SUID #SQL #RCE
Donald Ashdown
- May 8, 2022
Hack the Box - Secret
Javascript, Source Code Review, Git, Weak Authentication, OS Command Injection, SUID, Auth failure.
Donald Ashdown
- Apr 25, 2022
Cyber Defenders - Malware Traffic Analysis 1
The attached PCAP belongs to an Exploitation Kit infection. Analyze it using your favorite tool and answer the challenge questions....
Donald Ashdown
- Apr 23, 2022
Hack the Box - BackDoor
Work flow Summary Another easy machine that required several twists and turn along the way to root. Starting off with a narrow attack...
Donald Ashdown
- Apr 13, 2022
CyberDefenders - HawkEye - PCap Forensics
Scenario: An accountant at your organization received an email regarding an invoice with a download link. Suspicious network traffic was obs
Donald Ashdown
- Apr 9, 2022
Hack the Box - Devzat
Docker, API, CVE, RCE, Golang, Source Code Review, Git abuse, LFI, cmd injection.
bottom of page