#hack100days : Day 5 : Took a crack at #hackthebox new release, Forgot. Learned some stuff, so that's good. I'm still slow, but eventually got root. I think some of it was more CTF than real life, but I look forward to seeing the reviews from the old hands. #infosec #getsmart

#hack100days : Day 6 : Finished section 7 of PWST. #infosec #getsmart

#hack100days: Day 7 : Finished sections 8 and 9 of PWST. Next up, hack Juice Shop. #infosec #getsmart #webapplicationtesting

#hack100days: Day 8: Spun up Juice Shop and started in. Used ZAP to spider. Found an auth bypass. Found a dir from robots.txt with some goodies. Recalled a hint from PWST to reap the goodies. Need to look at hacking a Keepass file. I'm sure I've seen that in a CTF or three. Need to attack the business logic in the app. Look at API enumeration. Time to kick off a directory brute-force and go to bed. #infosec #webapplicationtesting #getsmart

#hack100days : Day 9 : Analyzing main.js from juice shop. Finding endpoints on the server to explore and “endpoints” on the local app to explore. Router is a magic word. Need to do more poking and prodding to ascertain what kind of magic word “selector” is. #getsmart #infosec #webapplicationtesting

#hack100days : Day 10 : Watched a twitch stream of an attack on a #tryhackme box. Lots of malding, lol. Also poked at JuiceShop some more. #getsmart #infosec

#hack100days : Day 11 : More JuiceShop. Explored business logic. Managed to break the server a couple of times. Error checking and handling is hard. #getsmart #infosec #WebAppPentesting

#hack100days : Day 12 : Poked around at JuiceShop again. Worked with a group on derailed on #htb and got user. Don’t have foothold, yet. Got some mentoring on the next step and will work on it tomorrow. #getsmart #infosec #ctf

#hack100days : Day 13 (belated post) : Today was a little weaksauce. Researched kit to bolt onto a Raspberry Pi 3 to make a wifi hacking rig. #getsmart #infosec #wifihacking

#hack100days : Day 14 : Took a crack at metactf.com's Thanksgiving CTF. It's multiple days. Today there are six challenges. I've gotten 5. #ctf #getsmart #infosec

#hack100days : Day 15 : Looks like matactf.com's Thanksgiving CTF is only the five challenges. I'm hit and miss with crypto. I've managed to work out part of the plaintext. Gonna keep noodling on it. #ctf #getsmart #infosec

#hack100days : Day 16 : Still banging at the crypto challenge. I've gotten a big push, by the implementation is still escaping me. I've focusing on the decimal values of the ASCII char set. Maybe tomorrow I try with hex values and see if that leads to a breakthrough. #crypto #ctf #getsmart #infosec

#hack100days : Day 17 : Where I was going to go with the crypto challenge is not the path I took. @apiratemoo gave me some advice and I managed to sort it out. Compared to other crypto challenges I've worked on, I'm happy to have gotten to a solution. I've not seen one like this before. #cryptography #getsmart #ctf #infosec

#hack100days : Day 18 : Started in on Responsible Red Teaming (https://taggartinstitute.org/p/responsible-red-teaming) Today was a busy day, so I need to read. #getsmart #redteam #infosec

#hack100days : Day 19 : #hackthebox release day. Worked on Precious an "easy" linux box. Pretty straightforward. #getsmart #sharpenthesaw #htb #ctf #infosec

#hack100days : Day 20 : More #hackthebox. Worked on awkward and got user. Still working out root. Also worked on carpediem, but didn't get any further than last time. Then went down a password cracking rabbit hole. Trying out JtR and incremental filters. #sharpenthesaw #htb #ctf #infosec