Links within this blog post contain affiliate links. If you purchase items using these links, trenchesofit may earn a commission. Thank you. Zoneminder is an open-source surveillance solution that allows recording, monitoring, and analyzing your security cameras. I have been using Zoneminder personally for many years. I recently purchased a PTZ Reolink camera and wanted …
Zoneminder is an open-source surveillance solution that started before 2006. Since then the project has grown to be a fully featured solution for those looking to take physical security seriously. You can find the project on Github: https://github.com/ZoneMinder/zoneminder I decided to spend a bit of time testing the web application to see if I could …
Vulnhub started hosting a machine named SecureCode: 1 on February 23rd, 2021. This machine was created by the user sud0root with a description of “OSWE-like machine”. Overall the machine was simple, but it did provide some good practice reviewing code and writing a proof of concept exploit script. Reconnaissance To begin, I executed a Nmap …
Hack the box released a machine named Falafel in 2018. The difficulty set by the community and HTB is Hard, and I can see why considering the machine required quite a few different attack types including blind SQL injection, password cracking, type juggling, file upload bypass, and abusing Linux permissions and group misconfigurations to finally …
The security community has compiled a well-known list of machines available outside of the PEN-200 Labs to help prepare for the OSCP exam, but few know that an OSWE list is in its infancy as well. The OSWE list can be found here. At the top of the Vulnhub list was Silky-CTF: 0x02. Though the …
Burp Suite is a great tool not because it contains all the needed features to test a service, but because it can be customized to perfectly fit the needs of each engagement. A common issue with my day-to-day when testing APIs is the need to pull a dynamic parameter from an initial request to then …
I ran across Deloitte’s CTF on ctftime.org while looking for some challenges to keep myself busy. The CTF timeframe was a bit longer than I was expecting, but I could just attempt the challenges as I have time. Let’s dig into some details about the CTF. Duration: July 2nd – July 26th “Hackazon is a …
The bug bounty community has finally caught my attention and it’s time for me to take a stab at finding some web application vulnerabilities in the wild. Before I started this process I took a few weeks to get accustomed to the current toolset being used and how they work. So basically it comes down …
Recently I had the opportunity to take the PWK course offered by Offensive Security. Given how helpful the community has been during my journey, I felt it was my duty to provide a helpful write-up for all those pursuing the OSCP. The most useful questions I enjoyed reading were: What experience did you have before …
Offensive Security released the Linux machine Fail on January 28th 2021. The machine is rated intermediate by OffSec and hard by the community. I felt the box was more towards the easy end of intermediate. The machine requires a bit of knowledge using ssh keys for authentication and an application called fail2ban. For those unfamiliar …