Finding Your Feet in Cyber Security: Part One

My Motivation

Rewind three years, I was fresh out of the university, undecided on what do with my bachelor’s degree and knew next to nothing about Cyber Security. Truth is, like the average Nigerian graduate, my knowledge was limited to what I had learned in the classroom. In school, I was only ever interested in network functionality, implementation and security, and had never made any serious efforts outside of class. My curiosity about hacking computers led me to Cybrary (was almost free at the time) where I embarked on a journey to learn about ethical hacking and penetration testing (this didn’t end well). This culmination of self-study, multiple setbacks and the drive to learn provided me the bedrock needed to get where I was going.

I have barely just gotten my feet wet in the massive ocean that is Cyber Security, but lately, I’ve been asked quite frequently on how to get started, so I figured to turn it into a blog post. The following suggestions are as per my experience so far and the things that worked out for me. My two scents on this subject should only serve as a friendly advice rather than an ultimate winning formula.

Building Blocks

Before diving into Cyber Security it’s extremely important to identify which specialty or work role interests you, because, in numerous ways, cyber security is similar to engineering or healthcare. There are so many different paths you can specialize in, from digital forensics and incident response to penetration testing, security governance or security awareness. (trust me, there are way more than you think.)

Read more “Finding Your Feet in Cyber Security: Part One”

Active Directory 101: Sauna

Introduction

For my third machine in the Hackthebox AD 101 track, I’ll be pwning Sauna. Sauna is an easy active directory machine that teaches the basics of ASREPROASTING and Domain Replication Attacks . The attack path to domain admin wasn’t complicated and was a good test of how much I’ve learned so far. Initial access was achieved by obtaining and cracking the TGT of a non-preauthenticated user. Upon discovery and compromise of a user with DC Sync rights I was able to escalate privileges by dumping and passing the NTLM hash of the domain administrator.

Read more “Active Directory 101: Sauna”

Active Directory 101: Forest

Introduction

For my second machine in the Hackthebox Active Directory 101 track, I’ll be pwning Forest. Forest is another active directory machine that teaches the basics of ASREPROASTING and abusing Discretionary Access Control Lists (DACL). The attack path to domain admin was quite new to me as I learnt another AD privilege escalation technique. For this box, initial access was gained by sending a dummy TGT request to obtain the credentials of a Non-preauthenticated user. Following post compromise enumeration, I was able to become domain admin by first abusing access control rights to a domain object then launching a DC SYNC attack to obtain NTLM hashes for all domain users and administrators.

Reconnaissance

Read more “Active Directory 101: Forest”

Active Directory 101: Active

Introduction

For my first machine in the Hackthebox Active Directory 101 track, I’ll be pwning Active. Active is an active directory machine that teaches the basics of GPP attacks and kerberoasting. The attack path to domain admin was quite straightforward following a brief introduction to AD hacking by TCM, for this box, initial access was gained via a poorly configured SMB share containing a windows group policy preference configuration file (groups.xml), then kereberoasting was leveraged to escalate privileges.

Read more “Active Directory 101: Active”