guff

Sokar: Author's Narrative

At the very moment I am typing this, ~4 hours remain on the countdown clock for VulnHub’s Sokar Competition. We have also received about 17 complete write-ups, which I’m really pleased with.

Now, Sokar was never originally designed to be released on VulnHub, let alone feature as a birthday competition. So this post serves to outline Sokar’s origin story, the intended exploitation path and anything else I can think to talk about.

Offensive Security: The Playground (Beta) Review

Offensive Security are launching a new Virtual Penetration Testing Lab, dubbed The Playground.

For those who have already taken an Offensive Security course (e.g. PWK), you will already be familiar with the types of machines in the lab - mainly various flavours of Linux and Windows. The Playground is even more versatile and also includes Citrix, Windows AD Domains, SCADA, IPS and anti-virus.

I was incredibly lucky and was offered the chance to join the private beta program for testing the Playground, which involved attacking as many of the machines as possible and providing appropriate feedback to Offensive Security. The intricate details of the lab will obviously remain private, but we were permitted to publish this final review of our experience.

So without further ado…

Kvasir: I Follow Up

It’s been about a month since Kvasir I was made available on VulnHub, so I thought I would write a follow-up post about it. In some ways, it was a vulnerable VM which went in a different direction to the ones we are used to. It was also the first VM I have produced, so I wanted to jot down a few notes about what I thought worked well and what didn’t.

Kvasir: I Released

After the war between the Aesir and Vanir, all the Gods made a truce by spitting into a bowl. They stirred up the mixture and created a new God of Knowledge. His name was Kvasir and he was made the most amazing diplomat to prevent further disagreements.
