Vulnhub Cewlkid: 1 Walkthrough

by Vince
in Blog
Hits: 756

The description states:  "An intermediate boot2root. The name is a hint. The start is CTF but the end is real world and worth the effort. Created in Virtualbox. Goal: Get the root flag.

Let me start off by saying that there's an unintentional way of rooting this box, unavoidable, in fact, and unfortunate.  It does not diminish the fun but the longer and intended route has more twists and turns.  This is the long way and the intended route.

Read more

Vulnhub Nully Cybersecurity: 1 -- First Flag Only

by Vince
in Blog
Hits: 907

First, let me start off by saying that this only takes you through the first flag because the next flag takes you off the CTF box and onto the Internet.  Call me a prude but I'm not attacking a public facing IP address.  I wish they would have done this with Docker or some other container technology because it could have been self contained. 

That being said, the first part was a lot of fun.  I'll take you through to the pivot and then you can decide whether or not to move forward.

Read more

Covenant C2 Deep Dive

by Vince
in Blog
Hits: 2014

The description states:  "Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.  Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration."

I'd previously written about Covenant and while I thought it was interesting, I didn't have a use for it then.  But as my engagements get larger, the ability to logically aggregate endpoints is a necessity and a second look at Covenant got me to really digging around in it.

A couple of points before I jump into it.  First, this is not an A to Z primer.  Second, and more importantly, it is a little buggy from time to time.  The more you play with it, the more you're going to learn the ins and outs.  I've been using it day in and day out for about 45 days.  I understand well enough to know when I should try something again (and perhaps again). 

Read more