How To Hack The Box To Your OSCP (Part 3)
What you'll learn
- How modern adversaries breach public-facing webservers
- How to weaponize benign applications with exploits
- How to evade AV and EDR with advanced shellcode loaders
- How attackers move laterally, create reverse tunnels and expand influence on the victim network
- How to think in terms of MITRE ATT&CK and understand the vernacular
- How to test and validate SQLi, XSS, SSTI and more
Requirements
- Hack The Box VIP Account
Description
Are you ready to level up your game?
Ready for the hardest boxes to hack?
Want a challenge without feeling overwhelmed or confused?
I finally did it. I finally decided to create the last series in my three part collection on pwning Hack The Box machines.
There are tons of free write-ups and YouTube videos online that will show you how to breach a box, but almost none of them break down the process step by step.
And almost none of them include all the commands as a tidy reference.
And even fewer map all attacks to the MITRE ATT&CK Matrix.
What I’ve done is taken you on a journey into my mind as I help you understand how an expert hacker thinks. You will get the behind-the-curtain view into my thought process as I think through difficult scenarios and carefully step through each obstacle until the box is pwned.
In addition, after we pop the box, we’ll take a step back and understand what vulnerabilities led to the initial intrusion vector by exploring host logs, vulnerable application source code and event logs.
I’ve prepared everything you need for learning success in one convenient package.
So, I’m going to ask again - are you ready to level up your game?
You are about to learn the following tools and techniques from an offensive perspective:
MITRE ATT&CK Enterprise Framework TTPs
ping
nmap
rpcdump
rpcclient
smbmap
smbclient
crackmapexec
whatweb
Wappalyzer
curl
openssl
gowitness
Burp Proxy
Burp Embedded Chromium Browser
feroxbuster
wfuzz
Web Application Attacks: SQLi
Web Application Attacks: Reflected XSS
Web Application Attacks: SSTI
Polyglot Payloads
Web Application Attacks: Command Injection
Reverse Shells: Powershell
Reverse Shells: Powershell Upgrade
Reverse Shells: Netcat
Reverse Shells: Meterpreter
Reverse Shells: PSExec
Reverse Shells: NoPAC
Base64 Encoded Powershell Payloads
rlwrap
PEASS-ng
Blue Team: wmic
Blue Team: tasklist
Blue Team: Get-WmiObject
CSRs
Chisel
ProxyChains
FoxyProxy SOCKS Proxies
tshark
responder
hashcat
Lateral Movement
Resource Development: Commando VM!
Resource Development: Exploit Testing and Maldoc creation
Defense Evasion: charlotte
Defense Evasion: Meterpreter
certutil
SharpCollection
PowerView
Rubeus
Certify
date (sounds lame but we actually use it in a way you've never seen before)
Detection Engineering: Log Review
Secure Coding Principles: Source Code Review
If this doesn't excite you, you are not the right person for this course.
But if you're ready to freggin' have a blast and take your learning and skills to beast mode, click Buy Now and let's begin!
Who this course is for:
- Intermediate to Advanced Red Team Operators
- Intermediate to Advanced Penetration Testers
- Security Conscious Software Developers
- Blue Team SOC Analysts
- Blue Team Threat Hunters
- Cybersecurity Managers (wanting to understand initial intrusions and mitigations)
Instructor
I'll never forget the day I first got hacked.
I was fooling around in an AOL chat room downloading little hacking programs called proggies and punters. I thought I was special, or leet as they call it, simply because I had a lowercase screenname which made me a bit mysterious since AOL didn't let ordinary people create lowercase names (called icases); my icase indicated that I knew how to "hack" the system.
I also commanded a vast array of punters including Fate X, HaVok Platinum, Firetoolz and Area51. Punters were tiny programs that let you violate AOL's terms of service by booting innocent people off AOL. If someone made me mad I would just click a button and send them into oblivion. The victim would almost immediately be forced to log off and go through the painful process of dialing up and reconnecting. These proggies also let you scroll text super fast, which would prevent other people from chatting and force them to leave the room.
Now that I think about it, I was probably at the apex of immaturity, but I was barely in middle school and booting people offline was simply too much fun.
But one day I met my match.
I downloaded a program that was purportedly a new punter that had a bevy of features that my other tools lacked. Everything was fun in the beginning but after a few days weird things started happening to my computer.
For example, my CD-ROM would randomly open on its own, my mouse cursor seemed to move without my input and strange programs would sometimes leap onto my screen and then instantly vanish.
I was freaking out! It's really hard to describe just how scary this was.
I had no idea what was happening but I had to find out. Apparently whoever (or whatever) had seized control of my computer didn't make any effort to hide his or her antics. After a few weeks of complete frustration, a chat box popped up on my screen from an unknown name. It was the guy who hacked me. He started to taunt me by saying things like "i got you" or "your password is 1234567".
This is when I made it my mission to figure out as much as I could about this person and his methodology. After several interactions I learned he was using a remote access trojan called SubSeven. I quickly scoured the internet looking for this tool and once I found it I found my new love.
That's how I got into cybersecurity and ethical hacking. I was hacked and wanted to learn how it happened.
Unfortunately, back in middle school my motives weren't so pure and I used my new skills to hack other victims; however, after graduating from high school and with a little prodding by my dad to explore programming, I decided I wanted to major in Computer Science to do good in the world.
Since then I've never looked back.
So who am I? My name is Vonnie Hudson and I have over 13 years of hands-on experience maintaining, troubleshooting and repairing computer software and hardware. I actually started my career as a technical support analyst at a satellite internet company and eventually landed a job at IBM as a security engineer. From there I became the IT director of a large multimedia enterprise based in Times Square, New York.
I'm currently a Senior Cybersecurity Analyst at a large D.C.-based firm and I regularly contribute to the information security community by attending information security conferences and webinars and sharing my knowledge on my blog and email list.
My blog, fixedByVonnie, gets about half a million visitors per month. The articles span topics ranging from speeding up your browser to ethical hacking with Kali Linux.
I'm also an author and have published a highly rated Windows 8.1/10 Kindle book on Amazon. And always being an avid learner myself, I hold numerous industry standard certifications in good standing including the A+, Network+, Security+, CCNA, CCNP, CISSP and GCIH.
I have a lively YouTube channel, a loyal Twitter following and a bunch of book and video ideas which I can't wait to implement. Thanks for reading my profile and checking out my videos - it's going to be a fun ride!
I think my teaching style is a bit unique. I try to respect your time by quickly getting into the content, but I also let my personality bleed into everything I do. My videos sometimes feel like you have your very own guru sitting next to you showing you step by step how to learn. I promise you that you'll not only get your solid fill of content from my videos but also take away a few laughs along the way. I can't wait to see you inside!
Thanks again
-Vonnie