Booj thoughts on security

Converting AWS AMI to OVF

This is a short post covering the steps to convert an AWS AMI to a VMDK. I recently had an issue in extracting an AMI from AWS. In performing this form of conversion there are a number of steps that need to be taken to ensure that the Firstly, follow the instructions at https://docs.aws.amazon.com/vm-import/latest/userguide/v in order to expor... Read more

SLAE Exercise 1 - Bind Shell

Introduction This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert Certification exam. Student ID: SLAE - 1193 The format of the first exam was to write shellcode with the following requirements: Create a Shell_Bind_TCP shellcode Binds to a port Execs Shell on incoming co... Read more

HackTheBox - Nightmare

This machine was a worthy successor to Calamity. Whilst it didn’t test you to the same level with exploit development, it does require the tester to read what their exploits are doing, modify them for custom environments and understand the process at all steps. This is an invaluable skill that I’m glad the harder boxes test, as downloading an ... Read more

Pinky's Palace v3 Writeup

A rather different one from the usual, as in this writeup I’ll be tackling Pinky’s Palace v3 by @Pink_Panther. This is probably at around the Intermediate/Hard level, and it teaches some very important things about the way in which you approach your enumeration methodology (one which caught me out for a couple of days and required a nudge to mo... Read more

HackTheBox - Ariekei

Unbelievable! Some idiot disabled his firewall, meaning all the computers on floor Seven are teeming with viruses, plus I’ve just had to walk all the way down the motherfudging stairs, because the lifts are broken again! Here we’re going to dig deep into Ariekei, the winding maze of containers, WAF’s and web servers from HackTheBox. Enu... Read more