Category: Purple Teaming

Passing the OSCP Exam Without Metasploit

The Journey Back in May 2022 I made a post about starting my OSCP journey. The intent, at the time, was to use open source resources such as Hack the Box and TryHackMe to help prepare prior to enrolling in Offensive Security’s PEN-200 course. Well, life had other plans because shortly after the journey started it had to be put on pause. More important and pressing responsibilities took up most, if not all, of my free time. It was not until August 2023 when the journey was able to be resumed. At that point it was decided to dive into…

Malicious LNK Files on the Rise – Part 2

But wait, there’s more! In the previous post I showcased how VBScript can be run via LNK files. This post will discuss how LNK files can be weaponized to run DLLs via PowerShell. Macro-Enabled Office Documents Are Overrated There has been a recent shift in Emotet and IcedID campaigns that utilize ZIP or ISO files, instead of Microsoft Office documents, as their lure to distribute malware. Within these ZIP/ISO files are a LNK file and stage 1 DLL. When a user double clicks the LNK file, it launches the stage 1 DLL which downloads the second stage. Typically this leads…

Malicious LNK Files on the Rise – Part 1

Introduction It is a common tactic for malicious cyber actors to attain initial access to a victim’s computer through phishing campaigns. During these campaigns, Microsoft Office documents with malicious macros would typically be used to distribute malware. Unwitting users would enable macros and just like that malware is dropped on their machines. This TTP became so widely used that Microsoft decided to intervene around October 2022 and blocked macros, by default, on Office documents downloaded from the Internet. Unfortunately, malicious actors are not so easily defeated. What is the next best way to trick a user into installing malware on…

Transitioning to a Purple Team

Learning on the Go All my cybersecurity experience up until this point in my career has been focused on the blue side of the house. But recently I was able to take what was learned over the years as a defender and apply that to a purple team. Simply said, a purple team is a mix of offensive (red) and defensive (blue) behaviors with the end goal of improving the overall security posture of an organization. Purple teams work closely with defenders to help train them, validate detection logic, and identify detection gaps. For quite some time I wanted to…

OSCP Certification Prep

Today marks the beginning of my OSCP certification prep. Before gaining access to the course material proper, I decided to prepare a bit beforehand via Hack The Box (HTB). Even though I have managed to complete mostly easy and a few medium boxes on HTB, understanding the fundamentals of penetration testing is important. Everything learned thus far was self-taught and unstructured. Taking a more formal approach and developing a strong foundation will better prepare me for the OSCP. Enter Starting Point from HTB. Follow me on this journey as I give a walkthrough for each box.