Blue/Red Reports

This section contains my Blue and Red Team reports, detailing engagements, methodologies, and findings from various security assessments. I'll update this as new reports are completed, but red teaming keeps me busy, so bear with me if I'm a bit behind!

2m Report

Two Million- Hack The Box

The challenge involves exploiting an insecure API to gain an invite code, escalating privileges through a misconfigured API endpoint, achieving command injection for an initial shell, and leveraging a vulnerable OverlayFS (CVE-2023-0386) for root access.

 Titanic Report

Titanic - Hack The Box

The goal of this box is to exploit an Arbitrary File Read (LFI) vulnerability to retrieve a Gitea database, crack credentials for SSH access, and escalate privileges using a vulnerable ImageMagick version (CVE-2024-41817) in a cron script.

 Cap Report

Cap - Hack The Box

The box involved exploiting a web dashboard to uncover FTP credentials, gaining initial access via SSH, and escalating to root by leveraging a Python binary with elevated capabilities.

 Fluffy Report

Fluffy - Hack The Box

Fluffy is an Windows machine from Hack The Box Season 8, designed to teach Active Directory (AD) pentesting techniques.

 DC-4 Report

CTF Report(OffSec):: DC-4

DC-4 from OffSec Proving Grounds was a challenging yet rewarding pentest lab that I recently tackled. It tested my skills in enumeration, brute-forcing, command injection, and privilege escalation.

 Djin3 Report

CTF Report(OffSec): Djin3

Djinn3 box from OffSec involved exploiting a Server-Side Template Injection (SSTI) vulnerability followed by privilege escalation.