Parity InfoSec
With over 20 years of DoD and community information security experience, we strive to achieve Parity… to bridge the gaps in your security.
Keep your skills sharp with & !
Great starter box for working on BurpSuite Repeater, PayloadsAllTheThings, & GTFObins to get Root. After root, a bonus demo for using ssh authorized_keys file to get total shell control!
https://youtu.be/HSg8LBgjq8k
HackTheBox ~ Knife Walkthrough
brings it in this easy box. Using a public exploit to get unauth'd file upload, we can get shell & massage that into root. Don't worry about that AlwaysInstallElevated, it's of no concern. Come w/ Parity Infosec
https://youtu.be/4MpNn_6qhYY
HackTheBox ~ Love Walkthrough
isn't just on HBO, it's also from ! Practice some AWAE & OSCP techniques w/ an OWASP injection & exploiting a race condition in a sudo shell script. Manipulate time & space to get root w/ me!
https://youtu.be/8rhY8G4N41o
HackTheBox ~ Tenet walkthrough (php object inject/shell race condition)
strikes back in from ! Pulling out all the tricks to escape a webpage, we use an MSF CVE to get user. A little script analysis & root is not far away. Start today!
https://youtu.be/hUAo1MLsWck
Return of the w/ from ! Using an email-based ticket system, we pop user creds by leveraging 1 app against another. Some exfil & rules work gets root.
https://youtu.be/MeKbHMmsBAw
HackTheBox ~ Delivery Walkthrough (MySQL & JtR)
This machine was a w/o trying! Are you ?
Leverage GitLab to achieve a foothold & find the hidden password to get docker root. Escape that & we smash root in under 30 mins.
I even yelled out twice & not taking it back!
https://youtu.be/NBMNh1Kf4y4
Follow me as we go after Dexter's home turf on
An easy box w/ pre-made exploits makes this a quick one, but the password reset was not simple to find. Great basic path hijack to SUID privesc gets root.
https://youtu.be/5WC1PaECnn0
HackTheBox ~ Laboratory Walkthrough (Path Hijack w/SUID PrivEsc)
As promised, part 2 of Luanne was a script demo to connect to a server & make a pseudo shell by exploiting command execution. This is the start of more specific "how to" videos. Monday morning is a great time to learn & !
https://youtu.be/LuK_bqLQF0M
Python How To: Turn web cmd injection into a "shell" Whether you are prepping for OSWE, OSCP, GWAPT, or something else, follow along while I use python to connect to a remote server, build code around a command...
Come in from the storms & talk to about the weather!
An easy box, but hard to find some info; I'll show how to enumerate using RCE & data leaks. With some cracking help from , root is not far away! Doas I say & as I do...
https://youtu.be/Obb7bjsigfg
was a great op to show manual skills & parsing logs to extract passwords the hard way. Using an RCE exploit got User & a D-Bus abuse took us all the way to root. Sláinte
Hack along & start
https://youtu.be/e85zmsz89NE
Get back to school w/ from
Rule this easy box w/grep/awk bonus. We modify a registration req to track down the dev page. Data leak/CVE combo got foothold, where sensitive log data & sudo helped elevate us to ROOT.
https://youtu.be/6Nog9k2hHL0
Meo-Wow! This was closer to
Tomcat was the way in, but docker movement was key. The box should have been named "Misquote"...
Another hard box for practicing higher cert ( / ) TTPs.
- Java Deserialization w/ Ysoserial
- Port Forwarding w/ Chisel
- Docker socket abuse/escape
https://youtu.be/VkV_UPeVpPU
retired another easy box w/ obscure code issues to learn. Flipping SSTI into a shell set us up to try out splunk exploits ( ) f/ shell. Catch all the tips/tricks in between
https://youtu.be/Lg5_6kpGx7w
was another great machine to learn on! I've never had to deal with DevOps hands on, so SVN & Azure DevOps server were new things to dig into & I tried to share everything I took in during my time on this box. There is a similar path from nothing to user as it was user to root, with a few different examples of how you could accomplish the tasks. I usually avoid Metasploit (my training tells everything should be harder right?!?), but Prolabs have really taught me to get over that. I show my favorite module (Web Delivery) to get the point across that this can be easy; there's a framework dedicated to that concept. Break out some evil-winrm & it's a real party.
Stay tuned & join me in taking down the newest retired box: Worker!
https://youtu.be/X9kXGWzDZS0
HackTheBox ~ Worker Walkthrough
Time to hit w/ from . Locked down sys crushin' morale at every turn! Enough chained exploits got us through 3 Users & . Tips & Tricks (PHP/find/grep) aplenty before a shot of Ghidra to find the backdoor pass.
https://youtu.be/slLWbR8NW5c
HackTheBox ~ Compromised Walkthrough
was a nice intro to Windows IoT. Easy box w/published RCE & nifty powershell creds work to decrypt passwords. Lots of living off the land; minimal tools. Def worth a look as I see more boxes coming from this arena.
https://youtu.be/NP4lqtWNoYQ
HackTheBox ~ Omni Walkthrough :00 Intro 03:50 NMap 04:36 HTTP Enumeration: Windows Device Portal (8080) 05:38 SirepRAT 14:45 TRICKS: Out-of-Band RCE verification ...
Congrats to Justin L. & Yevhenii P. on winning the Anniversary Giveaway! Stay tuned in 2021 for more IT training & random contests
Find out more at parityinfosec.com, https://www.youtube.com/channel/UC4m0NllxYyHN8JUhRTm-Byg, & follow me here on Facebook!
Happy Holidays & Happy New Year! 2020 has lasted forever, but it was momentous for us because it was the start of something more. Sharing training, making more taped content, & hitting some of our landmarks. Today we've hit 77.5 hrs watched on YouTube; not ground breaking but more than I imagined when I started. That's a testament to all of you that believe in the vision here & I look forward to more in 2021.
I'm feeling generous, so to celebrate making it to our 1 yr celebration I'm giving some stuff away!
(1) Top Prize: 1x YubiKey NFC & Humble Bundle Hacking 101 from No Starch Press ($680 value)
(2) 2nd Prize: Humble Bundle Hacking 101 from No Starch Press ($655 value)
- Justin
http://www.rafflecopter.com/rafl/display/ab8882e30/?
was a bit of a doozy to find a way in, but was smooth sailing once you ID'd the holes. Follow along to push through a CVE Auth Bypass combined with an HTTP header injection to get the foothold. User & Root both courtesy of OpenBSD CVEs so this was a solid medium from . Giveaway hinted coming this week; stay tuned for the full announcement!
https://youtu.be/HlYvuHNZpTk
I tell you what! What? That box was a beast and I am spent!
This was my first experience with RSYNC, so I tried to walk through it a little more. Filled with / nuggets (grep/Burpsuite/SQLi/etc), this is a GREAT box for honing those skills. I show the FULL process for building an SQLi substring credential harvester! After breaking down the squid cache, root comes from a docker'd Pi-Hole CVE. I fumbled hard through trying to proxy various PoCs before I landed on the obvious solution (check out 1:20:00). Wouldn't miss it for the world though!
Don't forget: next week is the launch of the 2020 Holiday Hacking Challenge with KringleCon 3 (https://www.holidayhackchallenge.com). You can get in now to work previous years and let's start in .
https://youtu.be/pwEoJqrQhgM
HackTheBox ~ Unbalanced Walkthrough [*Must for OSCP/AWAE prep*]
= ton of fun phishing for some . Join me as I attack SMTP and take over an email account. After a big load of work, I finally get foothold into box and use pypi to privesc to User2. A couple nifty tricks to keep in mind for maneuvering moving around a compromised system as well. From there, just a hop skip and a jump to root. Never stop learning new techniques!
https://youtu.be/rUb-ksmZTPI
HackTheBox ~ Sneakymailer Walkthrough
up your OSCP skills! A CVE focused box but we show how to modify public exploits for a python3 env. Touch on like msfvenom payloads & Plink port forwards. beat me, but never give up!
https://youtu.be/Hl_PftthuR8
HackTheBox ~ Buff Walkthrough up your enumeration skills! We walk through a very CVE focused box but touch on how to modify public exploits to run in a python3 environment. We touch...
Hurricane Zeta left us with no power for a few days, resulting in missing the Fuse drop.
Not this week!
was a pretty fundamental machine fresh to the retirement list. We hit some basics like HTTP Enum, LFI, and Tomcat WAR uploading to get a foothold. Once on the machine, cracking a zip and exploiting password reuse enabled User access and presented an lxd PrivEsc vulnerability which got us to ROOT.
Silly hijinx ensued when I hit a few snags, but sometimes hackin' ain't pretty.
https://youtu.be/c7gUNhpZj2U
; another great egotisticalSW box! While an easy box, it will test your enumeration and CVE searching skills. It's pretty realistic and a great set of skills to hone. Beating up on the Bludit CMS, we obtain user access and use a wide-reaching sudo vulnerability to get root quickly. Follow along as we !
https://youtu.be/xgXxly4xxpI
Wrapped up from : pure enumeration box start to finish (OSCP like?) with a great example of chained unauthenticated > authenticated exploits leading to RCE. Pushing the boundaries on a lesser known memcached enumeration skill, we finish with a standard escape everyone needs in their toolbox. Join me for a great run on
https://youtu.be/vBcjhZKMqsU
HackTheBox ~ Cache Walkthrough Cache was an enumeration box from start to finish (OSCP like?) with a great example of chained unauthenticated to authenticated exploits to achieve RCE. Push...
A new week, a new chance to learn! Big video this week with Active Directory, LDAP, & SMB enumeration. Toss in some Kerberoasting, mimikatz & back up priv esc; certainly HARD. Follow along for a 'must complete' box!
https://youtu.be/MG-4HsSNYX4
HackTheBox ~ Blackfield walkthrough Great Walkthrough on AD and LDAP attacks, featuring AS-REP-roasting, mimikatz lsass dumps and chaining Robocopy with DiskShadow. 00:00 Intro 03:31 Nmap 04:32...
After a few weeks, it's time to hit back with another Writeup!
Taking down from . Lots of fun enumerating directories/files before ID'ing a web app exploit. By taking advantage of this, we bridge to the USER account and abuse python path hijacking to achieve root. Join me!
https://youtu.be/JjagmdcQ1WQ
HackTheBox ~ Admirer Walkthrough Taking down the newest retired machine: Admirer. Lots of fun enumerating directories and files before I narrow down on a web app exploit. By taking advantage...
Inside Remote from !
Come for the NFS, but stay for the RCE exploit/Windows service PrivEsc! I demo world TTPs like unintended password correlation w/usernames in logs & Out-of-Band RCE Ping checks.
https://youtu.be/FwHe_YtfkYM
HTB ~ Remote Walkthrough
brought to you by the ! New build to host more VMs and create original lab demos. Stay tuned for more and training. Let's start between and
Time to crush another Hard machine w/ QUICK. Lots of enumeration on this system & HTTP3 to boot! With an RCE CVE & handy MySQL inject to bypass the login, we get access to a unique race condition attack. Exfiltration of an SSH key and more enumeration leads to root! Come follow along and expand your horizons.
https://youtu.be/0QC12arEUgw
HackTheBox ~ Quick Walkthrough Follow me as I take down a Hard machine: QUICK. It involves more enumeration and digging into php files to find a login bypass. I will explain how a bas...
New week, new you! Follow the with me from :
- SQLi Login Bypass
- File Upload Restriction Bypass
- SQL dump
- Executable Enumeration
- Path Hijack
We've got it all!
https://youtu.be/VN6htyZpMls
After a 2 wk break, I'm back to take down ; an easy linux box w/ some config issues. Follow along as we exploit Luvit to get User2 & I show my 4 favorite ways to get root access. I demo this all in the new VM from !
https://youtu.be/gSoefUMcQdM
HackTheBox ~ Traceback Walkthrough w/ PwnBox demo Walkthrough using the new PwnBox web-accessible VM covering: 00:00 - Intro 02:31 - PwnBox Setup and personal thoughts 09:23 - Nmap enumeration 10:01 - H...
Day 1: Great support (especially egotistical). Instant discord response & tons of fun for learning the ropes. Initial scope/enumeration was annoying, but realistic when a client tells you "here's our IP range" and nothing else. Once you get a foothold, the job of pivoting around tried my skills and locked in some long wavering beliefs about SOCKS proxies. This is definitely more approachable than any other , but judgement is still out on the for your training dollars. Stay tuned!
Doing a thing! I'll try out the new beginner from and provide some feedback. I'm going to give my impressions so you can make an informed decision with your training funds! Stay tuned...
Back to conquer another Windows DC w/ . A variety of exploits: LDAP enum, SMB exploitation, passwords in files, DnSpy to decompile/debug, & AD Recycle Bin recovery. Lots of niche techniques, so come hack along!
https://youtu.be/n9lOm2ScPh4
Now's a great time to learn some Windows/Kerberos/LDAP pentest tactics. In the end, I'll cover mimikatz and impacket to lock in Administrator. Come watch me take down on !
https://youtu.be/eh4iHOC3Qdk
www.parityinfosec.com/htb/sauna
HackTheBox ~ Book Walkthrough
Join me as I take down Book! This box had some stability issues, but was a great introduction to LFI via XSS on dynamic PDFs. Combining that with SQL truncation, we'll gain foothold and use the Logrotten exploit to get a root shell.
https://youtu.be/2X70KEazj_k https://www.parityinfosec.com/htb/book
Come follow along as I tackle ForwardSlash from . There are a variety of chained items to get a foothold; from Virtual Host enumeration to File Inclusion vulnerabilities. From there, getting root required bypassing a custom time-sync'd backup program and decrypting the final password with a custom Python encryption script. With some LUKS encryption and mounting a backup, the whole box was a challenge from start to finish!
www.parityinfosec.com/htb/forwardslash
HackTheBox ~ ForwardSlash Walkthrough - Parity InfoSec
Looking to expand your certifications or just knock out some CEUs? Here are some tips to keep your costs down. +
How to Choose Cybersecurity Training & Save Money! - Parity InfoSec Tips to get your CEUs and certifications at low or no-cost! We discuss achieving your CISSP or Security+, along with HTB and SANS courses to get you to the next level
SANS KringleCon 2019 Walkthrough
KringleCon is over but the party never stops! Follow along to save Christmas on the campus of ELF University using DFIR/Blue Team techniques and hack away
SANS KringleCon 2019 Walkthrough - Parity InfoSec Turtle Doves!