My initial objective was to develop foundational cybersecurity skills, but as my knowledge increased I started to work on specific learning paths, as detailed below.
To connect with like-minded individuals, collaborate on challenges, and share knowledge.
To prepare for industry certifications like JNPT, PNPT, CEH and CSTM.
To gain exposure to real-world security scenarios.
Tier 0
- Learn how to connect to FTP, SMB, Telnet, Rsync and RDP anonymously.
- Learn how to use Nmap to identify open ports.
- Learn how to connect to a MongoDB server.
Tier 1
- Learn basic web exploitation techniques such as SQL injection, Server Side Template Injection, Remote File Inclusion and how to use Web/Reverse Shells.
- Use the services showcased in the previous tier for exploitation.
- Learn how to log in to Jenkins and upload a Groovy Shell Script.
- Learn how to upload files to an S3 Bucket.
Tier 2
- Learn how to exploit XXE, IDOR, Log4j and perform cookie manipulation.
- Learn how to exploit binary path hijacking and sudo permissions for privilege escalation.
- Learn the basics of Brute Forcing.
- Learn how to exploit LXD for privileged filesystem access.
- Learn how to exploit insecure functions like "strcmp()" in PHP.
A great collection of machines to help you really understand Active Directory...and how to break it! Hackthebox
Here are some write ups for the challenges that I have completed.
| Challenge | Tags |
|---|---|
| Say Yes to the Best | Password Cracking |
| Jolly Chimp 4 | Cryptography |
| Rev Your Engines #3 | Cryptography |
