"It’s official! In April I will be starting an amazing new job!", I thought excitedly as I laid down my pen. I had just signed my contract with JCore during a nice lunch with a soon-to-be colleague. It was December 23st and signing the contract felt like an early Christmas present. Not only would JCore offer me plenty of opportunity to develop my technical and personal skills, they also offered a fun social environment. During the interviews I was told about pub quizzes, board game nights, Friday afternoon drinks, people playing videogames together… It seemed so much fun! I joined two of these events even before I officially started working for JCore. I had a great time and I was really looking forward for this to become my new normal. Little did I know that my actual new normal would be vastly different due to the corona crisis.
Since beginning of time mankind has been looking for a way to separate right from wrong. Where the primeval man judged righteousness by the contributions of the tribe, the current day programmer judges right by the wishes of the customer. For many years the average programmer wrote a bunch of logic to check if the boundaries defined by the client where uphold. As time went on and programming languages involved, metadata could be added to enrich functions, methods, classes and the like.
Welcome back to the blog series about how to hack a box! In this third post I’ll guide you through the second step: gaining access.
Welcome back to the blog series about how to hack a box! In the first blog I gave an introduction into the steps and prerequisites on How to hack a box. In this second post I’ll guide you through the first step, which is exploration. We will execute the steps on an actual box in Hack The Box, called Blocky.
At the time of writing the coronavirus is raging across the earth. Very soon after the outbreak, visualizations of both the virus and the effect of the disease started to appear everywhere. As I partially graduated in the subject of data visualization, I have always been interested in those graphs. Lately, I followed an introductory course to visualize data with D3.js. After I completed this course, I wanted to draw some meaningful graphics with this library. So follow along as I explain a little bit about D3 and then draw a simplified version of the coronavirus molecule.
Welcome to the blog series about how to hack a box! In this first post I’ll guide you through the global steps you can take to hack a box. The steps are universal, so you can use them on any target which you have permission for.
As a developer, you are familiar with Docker. You push your images to the Hub, use Compose locally and know a thing or two about Kubernetes. Or… Well… To be honest… You don’t. And you are ashamed you don’t know anything about it. You browse the internet and it’s so overwhelming. So you stop looking and continue what you’ve been doing all the time. Deep inside, you still wonder. Can’t anyone just explain Docker in simple terms? Is it really this hard? Or am I just missing something really obvious?
In my last blog I gave you a small introduction into the term "Reverse Shell". I described it as: "A Reverse Shell is where your target machine creates a connection to your machine, after which you get a shell on the target machine in which you can execute system commands." It is similar to SSH, but without any encryption and the connection is created the other way around (from target to you, instead of you to the target).
At JCore, we follow a three-year program to become senior developers. After following this program successfully, you will be promoted to the JDriven company. In the final year, we have a specialization in a topic of our choice. I chose to specialize myself further into security. I have been studying this topic for some time now, even contributing to the fast track courses as a security teacher. Until now, I spent most of my time on the defending side and now I want to take a look at "the other side". So my specialization is all about attack, also described as joining "The Red Team".
In my previous blog about Running AWS locally with LocalStack I’ve shown you how to use LocalStack, a tool to mock your AWS environment on your local machine. When working with LocalStack, I always had to prepare the environment for my application to run. Most of the time this could be done automatically via scripts, but some preparations, for instance editing some data in an S3 bucket, could become a little tricky.