A tester here. Looking forward to connecting and learning from you.
I make notes so that I don't forget.
.-- .-- .-- .-.-.- .-.. .. -. -.- . -.. .. -. .-.-.- -.-. --- -- -..-. .. -. -..-. .-.. .. ..-. . - .. -- . ... -.-. .-. .. .--. - -.- .. -.. -.. .. .
SSBkb24ndCBrbm93IHdoYXQgSSBhbSBkb2luZy4gClNvIGhlbHAgbWUsIEdvZC4=
Month | Action | Goal |
---|---|---|
June 2025 | | |
May 2025 | | |
April 2025 | Cloud - pwnedlabs.io / breaching.cloud | Learn like a SE, Hack like a SK |
March 2025 | HTBA - Senior Web + Cobalt Strike Payload (CRTL + Maldev) | One working Beacon |
February 2025 | HTBA - Senior Web + Cobalt Strike Payload (CRTL + Maldev) | |
January 2025 | HTBA - Senior Web | |
April 2024 | Study for OSWE | |
October 2023 | CISSP | Done |
September 2023 | Switch to CISSP | |
August 2023 | Continue with CBBH | |
July 2023 | Started CBBH | |
June 2023 | CRTO - Passed, New Goals: CISSP / CBBH | Done |
May 2023 | CRTO - projected, Start CISSP (projected) | |
April 2023 | CRTO | |
March 2023 | HTB Academy - AD enumeration → Finally Done! Moving on to API | |
February 2023 | HTB Academy - AD enumeration | |
January 2023 | Worked on AD | |
December 2022 | Worked on AD | |
April 2025
Work kicked in. Gotta focus on Web and Cloud.
Learn Web applications like a systems engineer, hack like a script kiddie
0. Web Architecture 101
1. Attack Web application
2. DNS Security - Defending Against Attacks
3. Load Balancer Security - Defending Against Attacks
4. Web Application Server Security - Defending Against Attacks
4a. RCE
5. Databases
6. Web Caching Security - Attacks & Mitigation Strategies
7a. Introduction to Job Queue Security
8. Microservices Security - Protecting APIs & Authentication Mechanisms
8a. JWT
8b. OAuth
8c. SAML
9. Introduction to Data Pipeline Security
10. HTTP Headers
11. JavaScript Debugging
March 2025
Goal: Make a CS beacon that can survive the initial drop by the end of this month.
What I need:
Deep understanding of binaries and the Windows system
Deep understanding of EDR
Deep understanding of Cobalt Strike kits
Resources: CRTO, CRTL, Maldev, ChatGPT!
How does a binary work?
0. Resources
1. Portable Executable Structure
2. From PE to Memory
3. Flow of System Calls - ntdll.dll, kernel32.dll
4. Win32 API and Windows Native API
4a. NTDLL.DLL - Overview and Functionality
5. Syscalls Flow
5a. Syscalls Deep dive
5b. From Memory - PEB_TEB
6. Execution
How does EDR work?
1. Let's understand EDR like a blue team
2. Let's understand EDR like a red team
How to bypass EDR?
0. Binary creation and insertion
1. Download Prevention & Bypass Techniques
1a. AES, RC4, XOR encryption
1b. XOR-Based Self-Decrypting Payload (With Memory Execution)
1c. RC4-Based Self-Decrypting Payload (C++)
1d. AES-Based Self-Decrypting Payload (C++)
1e. Advanced UPX Methods for Modifying Binary Structure
2. Direct syscalls intro
2a. Direct Syscalls cpp
2b. Indirect Syscalls intro
2c. Indirect Syscalls - Tool
3. API Hooking
Learn Clouds like a systems engineer hack like a script kiddie
0. Clouds
1. Clouds testing Scoping
2. Associate roles and services
Attack Clouds
0. Attack Clouds
1. Search for Credentials - Services
2. Search for Credentials - File
Attack Azure
0. Resources
0. Azure - Readme
1. Azure Blob Container to Initial Access
2. Unlock Access with Azure Key Vault
3. Azure with Bloodhound and Microsoft.Graph
4. Loot Exchange, Teams and SharePoint with GraphRunner
5. Unmask Privileged Access in Azure
6. Azure Recon to Foothold and Profit
8. Execute Azure Credential Shuffle to Achieve Objectives
Attack AWS
0. AWS Resources
1. AWS Cloud Services
2. AWS Enumeration Process
AWS - Tools