Open in app

Sign In

Write

Sign In

Mike Bond
Mike Bond

883 Followers

Home

About

Nov 1, 2020

HTB: Fuse

Target Experience: My observations while working this target: · Enumeration: Life-like · Vulnerabilities: Life-like · Exploitation: Life-like · Foothold Difficulty: Medium · Privilege Escalation Difficulty: Easy/Medium Tools: The recommended tools for this lab were: · Nmap · CrackmapExec · Web Browser · HashCat · SMBPasswd · RPCClient · Evil-WinRM · Visual Studio 19…

Hackthe

7 min read

HTB: Fuse
HTB: Fuse
Hackthe

7 min read


Oct 10, 2020

HTB: Endgame — Xen

Network Experience: My observations while working the targets: · Enumeration: Life-like · Vulnerabilities: Life-like · Exploitation: Life-like · Flag Difficulty — Breach: Hard · Flag Difficulty — Deploy: Easy · Flag Difficulty — Ghost: Easy · Flag Difficulty — Camouflage: Hard · Flag Difficulty — Doppelgänger: Easy/Medium · Flag Difficulty — Owned…

Htb

17 min read

HTB: Endgame — Xen
HTB: Endgame — Xen
Htb

17 min read


Oct 4, 2020

HTB: Blackfield

Target Experience: My observations while working this target: · Enumeration: Life-like · Vulnerabilities: Life-like · Exploitation: Life-like · Foothold Difficulty: Hard · Privilege Escalation Difficulty: Medium Tools: The recommended tools for this lab were: · Nmap · CrackmapExec · SMBClient · GetNPUsers · Hashcat · PowerView (Windows) · RPCClient · Pypykatz · Evil-WinRM …

Hackthebox

7 min read

HTB: Blackfield
HTB: Blackfield
Hackthebox

7 min read


Aug 21, 2020

Certification: CRTP

After completing the OSCP, I was trying to find the “what’s next” for my educational journey as well as helping my pentesting career. I returned to HackTheBox and started studying with Offshore. However, more than halfway through, I ended up hitting the proverbial “brick wall”. …

Pentester Academy

5 min read

Certification: CRTP
Certification: CRTP
Pentester Academy

5 min read


Aug 17, 2020

CrackMapExec Basics

One of the tools that I like to use against Windows based machines during a pentest or a CTF is CrackMapExec, by Marcello Salvati (aka byt3bl33d3r). …

Crackmapexec

4 min read

CrackMapExec Basics
CrackMapExec Basics
Crackmapexec

4 min read


Aug 12, 2020

Golden Ticket Attack

I have had the opportunity to work on my Windows attacking skills within a couple of different CyberRanges recently. I have been trying to understand the different use cases with Mimikatz and decided to share my experiences with a Golden Ticket Attack. To start, a Golden Ticket is a post-exploitation…

Pentester Academy

3 min read

Golden Ticket Attack
Golden Ticket Attack
Pentester Academy

3 min read


May 14, 2020

Microsoft Office 365 Enumeration

I had a recent project to pentest a Microsoft Office 365 (O365) environment. When researching, I found that Microsoft implemented changes towards the end of 2019 to help mitigate user enumeration issues. With those changes, many documented techniques and automated tooling that previously leaked that information either no longer worked…

O365

6 min read

Microsoft Office 365 Enumeration
Microsoft Office 365 Enumeration
O365

6 min read


May 14, 2020

AWS Pass-through Proxy

I attended a recent on-line preview training of Breaching the Cloud Perimeter; presented by Beau Bullack (@dafthack). This training mentioned a technique of using a script named FireProx with an AWS API Gateway to create a pass-through proxy; which rotated the source IP Address with every request. I was very…

Penetration Testing

5 min read

AWS Pass-through Proxy
AWS Pass-through Proxy
Penetration Testing

5 min read


Jan 15, 2020

Certification: OSCP

After several months of studying, I was finally able to successfully achieve the OSCP certification after two attempts. This has been one of the certifications that I have desired after making the switch from a long career in Cisco UC/Networking to Cybersecurity. …

Oscp

7 min read

Oscp

7 min read


Dec 2, 2019

HTB: Networked

Target Experience: My observations while working this target: · Enumeration: Life-like · Vulnerabilities: Life-like/CTF-like · Exploitation: Life-like/CTF-like · Difficulty: Easy/Medium · Community Notes: Life-like/CTF-like Tools: The recommended tools for this machine were: · Nmap · Gobuster · Nikto · Browser · Netcat Vulnerabilities: The following vulnerabilities were found: · Evading White List

Hacking

5 min read

HTB: Networked
HTB: Networked
Hacking

5 min read

Mike Bond

Mike Bond

883 Followers

Cyber Security Enthusiast

Following
  • Cody Thomas

    Cody Thomas

  • Bank Security

    Bank Security

  • Will Schroeder

    Will Schroeder

  • bigb0ss

    bigb0ss

  • Corgi

    Corgi

See all (20)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech