top of page
Cyber Blog​
Search
BlueDolphin
Sep 12, 2021
Hack the box - Monteverde
Summary This machine is very unique as it involves working with Azure AD services and is one of a kind on HTB. This machine is vulnerable...
BlueDolphin
Sep 3, 2021
Hack the box Luanne
Summary This was a very difficult machine that required indepth knowledge or investigations into Lua based scripting errors and openbsd...
BlueDolphin
Aug 30, 2021
Hack the box Love
A great machine that involves webshells, and exploiting lazy admin configurations while utilizing msfvenom.
BlueDolphin
Aug 16, 2021
Hack the Box - Poison
A machine involving LFI-RFI, SSH tunneling to access a local port/service.
BlueDolphin
Aug 11, 2021
Hack The Box - Chatterbox
Summary Chatterbox was a fantastic machine that involved some CVE troubleshooting with a buffer overflow. This provided the initial foot...
BlueDolphin
Jul 30, 2021
Hack the Box Jeeves
Summary This was a fantastic Windows machine that involved deeper enumeration to identify a service running on a non standard port of...
BlueDolphin
Jul 23, 2021
Try Hack Me Buffer Overflow 2
Configure Mona - Prepare our environment and temp folder Crash the application - We will use a standard fuzzing script for this that will...
BlueDolphin
Jul 10, 2021
Kaseya MSP Incident Response
As someone who has a history of working for MSP's, today might be one of the most memorable days for the remainder of my life. A very...
BlueDolphin
Jul 7, 2021
HTB Red Cross
Summary This was an extremely cool box with many paths to gain user and root. The machine starts off with several subdomains requiring...
BlueDolphin
Jul 3, 2021
Hack the Box - Spectra Walkthrough
Summary Spectra is a great machine in which your journey will start with WordPress vulnerabilities and a GUI dashboard. Planting a...
BlueDolphin
Jun 28, 2021
HTB Cronos
Summary This was a great machine that did not provide anything too challenging or obscure which I really appreciated. It did however test...
BlueDolphin
Jun 27, 2021
THM Buffer Over Flow 1
We will be tackling the vulnerable application for the THM buffer overflow challenge level 1. Configure Mona Mona is a script that helps...
BlueDolphin
Jun 26, 2021
HTB October
Summary This was a great machine involving guided routes for the initial access to the machine, without many rabbit holes. From here we...
BlueDolphin
Jun 23, 2021
HTB Canape
This machine largely involved the enumeration of a git repository and flask application running on a couchDB. Writing a python script...
BlueDolphin
Jun 19, 2021
HTB - Delivery
Overview This machine features an IT departments ticketing system that allows you to gain access by registering for a new account out of...
BlueDolphin
Jun 17, 2021
WireShark - Pico CTF - twoo twoo - 100 points
This was a fun pcap & wireshark challenge that involved a good initial investigation eventually leading to several HTTP files named...
BlueDolphin
Jun 1, 2021
Data Exfiltration with DNS
Data exfiltration is a constantly evolving threat. I wanted to dive in deep on exfiltration techniques such as DNS exfiltration.
BlueDolphin
May 26, 2021
Binary Exploitation - PicoCTF- Stonk - 20 points
This is my writeup for a format string vulnerability, that we exploit to read data off the stack.
BlueDolphin
May 9, 2021
justCTF 2020 - That's not crypto
This was a simple reverse engineering challenge, however because I am not a developer full time I had to pull in one of my team mates to...
BlueDolphin
Apr 25, 2021
What if SSH could VPN?
There is a handy tool that can allow anyone with a user level unprivileged SSH connection to create a VPN tunnel with little overhead....
BlueDolphin
Mar 14, 2021
OWASP Top 10 - OS Command Injection
Command Injection 101
BlueDolphin
Mar 7, 2021
HTB Tenten
This is a great machine that involves identifying WordPress vulnerabilities and leveraging burpsuite.
BlueDolphin
Mar 4, 2021
HTB Doctor
A machine featuring Server side template injection and exploiting Slunk Forwarders.
BlueDolphin
Jan 16, 2021
Jigsaw Ransomware Analyses
Jigsaw Ransomware Analysis In this blog we are analyzing Jigsaw ransomware through both static and dynamic approaches with the end goal...
bottom of page