Donald Ashdown
Post Incident Response - I like to - Sherlock by HTB
Attackers workflow mapped Attacker's Summary This summary will cover the attackers workflow as discovered from my point of view. I...
top of page
Search
Donald Ashdown
- Oct 30
🔐 Hack The Box Machine Write-Up: PC
This machine involves RPC servers, command injection and a CVE with a twist on SQL injection and burpsuite.
Donald Ashdown
- Oct 30
Incident Handling with Splunk - THM Series - Phase 1/6 Reconnaissance
This room covers an incident Handling scenario using Splunk.
Donald Ashdown
- Aug 13
Tenable Capture the Flag - Web - Cat Viewer
SQL Injection manual (NO AUTOMATION)
Donald Ashdown
- Jul 16
Hack the Box - Investigation (Medium)
Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...
Donald Ashdown
- Jun 27
Hack the Box - Precious
Engagement flow Summary This machine starts off with some basic web enumeration. The user learns about a web page pdf conversion...
Donald Ashdown
- Jun 27
Hack the Box - Soccer
Engagement Flow Summary This is my writeup for the Hack the Box Machine "Soccer". Tools Used whatweb Processes/Techniques Web enumeration...
Donald Ashdown
- Jun 27
Hack the Box - Stocker
Engagement Map Enumeration We start off with a casual NMAP scan including the flags for service scanning and version discovery. Initially...
Donald Ashdown
- May 7
Docker - Analyzing Images Offline
Summary Docker images offer many benefits, they can also present challenges for developers and security professionals who need to...
Donald Ashdown
- May 7
Docker Registry Enumeration
Enumerating Docker Registries
Donald Ashdown
- May 7
Docker 101
Docker containers are like book chapters while VM's are the entire book.
Donald Ashdown
- May 3
Hack the Box - MetaTwo
Engagement Flow Summary This was an amazing lab with a narrow attack surface requiring many steps. The initial portion of the user phase...
Donald Ashdown
- Nov 2, 2022
Hack the Box - Trick
Enumeration Summary This machine initially required subdomain enumeration which opened the door for a new attack surface that was...
Donald Ashdown
- Oct 12, 2022
Linux Hard Disk/Drive - Reference
Hard Disk Layout du -h --max-depth=1 - Total space taken by each directory du -h --max-depth=1 /usr - Total space taken up individually...
Donald Ashdown
- Oct 9, 2022
Hack the Box - Late
Engagement flow Enumeration We start off with a standard enumeration phase where we have a narrow attack surface. We know this will...
Donald Ashdown
- Aug 17, 2022
Try Hack Me - Greenbone GVM and OpenVas
Task 1 - Introduction The first task is fairly simple so I will elaborate on OpenVas. The OpenVas project was born in 2005 when the...
Donald Ashdown
- Aug 13, 2022
Python Poetry - Packaging and dependency management made easy
References: https://python-poetry.org/ https://github.com/python-poetry/poetry https://python-poetry.org/docs/...
Donald Ashdown
- Aug 12, 2022
Greenbone Vulnerability Management Scanner - New Notus Scanner
References https://www.greenbone.net/en/notus/ https://www.greenbone.net/en/new-vulnerability-scanner-notus/ https://www.greenbone.net/en...
Donald Ashdown
- Jul 6, 2022
Hack the Box Router Space
Engagement flow Enumeration Port discovery Web enumeration apk download Browsing to the website we see options for a download and a get...
Donald Ashdown
- Jul 6, 2022
Hack the Box - Undetected
PHP, RCE, Reversing, File System, Forensics, Attacks/Weak Password, Attacks/Backdoor
Donald Ashdown
- Jun 20, 2022
Hack the Box - Paper
#Wordpress #CMSExploit #LFI
#CVE
Donald Ashdown
- Jun 19, 2022
Boss of the Soc - Splunk
Pre-amble The focus of this hands on lab will be an APT scenario and a ransomware scenario. You assume the persona of Alice Bluebird, the...
Donald Ashdown
- Jun 14, 2022
Tenable CTF 2022 - Forensics
These are my writeups for the tenable CTF Forensic category. This challenge presents us with a pdf document containing redacted...
Donald Ashdown
- Jun 11, 2022
Google CTF - Beginner Quest Part 1
Welcome Google will run the 2021 CTF competition in two parts: an online jeopardy-CTF competition, and second contest open only to the...
bottom of page