Netmon is among the easier boxes on Hack The Box and a great box for beginners. It provides some basic lessons on not being lazy. Here’s my write-up.
Continue reading “Hack The Box NetMon: A Beginner Box”
Using multi-factor authentication is a commonly recommended practice for securing user accounts, and it’s available across a range of services today such as Gmail, AWS, Azure, Facebook, Twitter, etc. One of the methods for MFA is to use a third party mobile app like Google Authenticator to generate security codes that are verified by the service. How does this work exactly?
Continue reading “Understanding the Time-Based One-Time Password (TOTP) Algorithm Used for Multi-Factor Authentication (MFA)”
In my line of work, I design and develop enterprise products in the information security and risk management domains. These products generally serve blue teams, and I’ve wanted for a while to get the red team perspective.
So last fall, I put myself through a self-imposed boot camp: earning the OSCP (Offensive Security Certified Professional) certificate. This is an intermediate-level certificate geared towards penetration testers. Before taking the exam, students spend significant self-directed time (30 to 90 days) in a specially constructed lab environment honing their hacking skills. The exam itself is a 24-hour test in which students are dropped into a network and need to gain admin access to as many machines as possible.
Below is a summary of my journey, along with tips for aspiring students.
Continue reading “Trying Harder and Passing the OSCP: A Developer’s Perspective”