#hack100days : Day 5 : Took a crack at #hackthebox new release, Forgot. Learned some stuff, so that's good. I'm still slow, but eventually got root. I think some of it was more CTF than real life, but I look forward to seeing the reviews from the old hands. #infosec #getsmart
#hack100days: Day 8: Spun up Juice Shop and started in. Used ZAP to spider. Found an auth bypass. Found a dir from robots.txt with some goodies. Recalled a hint from PWST to reap the goodies. Need to look at hacking a Keepass file. I'm sure I've seen that in a CTF or three. Need to attack the business logic in the app. Look at API enumeration. Time to kick off a directory brute-force and go to bed. #infosec #webapplicationtesting #getsmart
#hack100days : Day 9 : Analyzing main.js from juice shop. Finding endpoints on the server to explore and “endpoints” on the local app to explore. Router is a magic word. Need to do more poking and prodding to ascertain what kind of magic word “selector” is. #getsmart #infosec #webapplicationtesting
#hack100days : Day 10 : Watched a twitch stream of an attack on a #tryhackme box. Lots of malding, lol. Also poked at JuiceShop some more. #getsmart #infosec
#hack100days : Day 12 : Poked around at JuiceShop again. Worked with a group on derailed on #htb and got user. Don’t have foothold, yet. Got some mentoring on the next step and will work on it tomorrow. #getsmart #infosec #ctf
#hack100days : Day 13 (belated post) : Today was a little weaksauce. Researched kit to bolt onto a Raspberry Pi 3 to make a wifi hacking rig. #getsmart #infosec #wifihacking
#hack100days : Day 14 : Took a crack at metactf.com's Thanksgiving CTF. It's multiple days. Today there are six challenges. I've gotten 5. #ctf #getsmart #infosec
#hack100days : Day 15 : Looks like metactf.com's Thanksgiving CTF is only the five challenges. I'm hit and miss with crypto. I've managed to work out part of the plaintext. Gonna keep noodling on it. #ctf #getsmart #infosec
#hack100days : Day 16 : Still banging at the crypto challenge. I've gotten a big push, but the implementation is still escaping me. I've been focusing on the decimal values of the ASCII char set. Maybe tomorrow I try with hex values and see if that leads to a breakthrough. #crypto #ctf #getsmart #infosec
#hack100days : Day 17 : Where I was going to go with the crypto challenge is not the path I took. @apiratemoo gave me some advice and I managed to sort it out. Compared to other crypto challenges I've worked on, I'm happy to have gotten to a solution. I've not seen one like this before. #cryptography #getsmart #ctf #infosec
#hack100days : Day 20 : More #hackthebox. Worked on awkward and got user. Still working out root. Also worked on carpediem, but didn't get any further than last time. Then went down a password cracking rabbit hole. Trying out JtR and incremental filters. #sharpenthesaw #htb #ctf #infosec
#hack100days : Day 21 : More #hackthebox again. Still chipping away at awkward. I'm likely running around in a rabbit hole. Better here than on a job, I reckon. Time to look through the forums. #sharpenthesaw #htb #ctf #infosec
#hack100days : Day 22 : Took a break from awkward. Poked around at Vortimo OSINT Tool (https://osint-tool.com/) and related integrations. Anyone w/search.censys.io accounts getting 500s after logging in? That's weird. Also played around with hashcat some more and tinkered with using masks. Next I want to play with combined masks and wordlists to see what that gets me. #sharpenthesaw #osint #infosec
#hack100days : Day 23 : Read more on Responsible Red Teaming. Two more sections down. Legality, ethics, responsibility, and opsec. Good stuff to keep in mind. #sharpenthesaw #redteam #infosec
#hack100days : Day 24 : Today was a grab bag. Pulled off today's #tryhackme advent of cyber challenge. It was not what I was expecting, but I expect the difficulty to ramp up as we go. Tuned into @Alh4zr3d@twitter's twitch stream. Target looked familiar. #ctf #infosec
#hack100days : Day 25 : Today's #tryhackme advent of cyber challenge is sorted. Worked through the next section of Responsible Red Teaming. Tinkered with my zsh prompt. Need to try out sysmon for linux and the logging recommendations in my lab. #ctf #sharpenthesaw #redteam #infosec
#hack100days : Day 26 : Today's #tryhackme advent of cyber challenge is sorted. Poked at the new #htb release. I'm not grokking, but now the interruptions are minimized. So maybe some focus will get me there. #sharpenthesaw #ctf #infosec
@apiratemoo Agreed. The others were pretty straight-forward. I think they had pitched it for less "seasoned" practitioners. That crypto one, though. Oof.
@apiratemoo The google one was good, it took a little more time than the others. I was surprised there was a #ctf opportunity with one of their products, actually. I ended at 162nd out of 552 people w/points on the board. I'm happy with that.
@scottlink I didn't do the last hash one, but that has more to do with laziness haha.
You did great!
When are you going to do your next CTF? I have a team. :)
@apiratemoo I'm planning on the TryHackMe Advent of Cyber next. That should be an easy 24 days for #hack100days. I also want to get ready for my PWST capstone. Planning on working on that between xmas and nye.
@scottlink The obfuscation one? It's not just b64. If you like a-salt rifles, then you know what they are and should add this to something ... I don't know like cyberchef?
@scottlink For that one, we know IEX in powershell is Invoke-Expression right? Commonly used to create reverse shells, but in order to pass that we need to obfuscate the actual cmd a bit to get it to do our bidding.
@apiratemoo Thanks for the pointer, I managed to get the obfuscated code one. I'm trying to get viggy with the crypto one. I've got part of the key, but the rest is a bit beyond me. Trying to sort out the role the pics play.
Learn what chess notation and algebraic notation are in this article! Everything you need to know about recording moves, reading notation, replaying a game and more!
@apiratemoo I was checking out a couple of sites with different notation methods. They're generally covering the moves. Moving through the pics doesn't seem to indicate moves... ...unless the file names don't match the order?
@scottlink Hi there - I think I see you on the PWST Discord channel - it’s a great course isn’t it? Great community and instant support from @mttaggart