To properly experiment you need a good Active Directory VM lab setup. An environment where you can test the kinds of tests you want to do and it is OK if the environment breaks. So the environment needs to be easy to rebuild or move back to a functional point in time. This post will …
Category: LABs
Analyze Nmap traffic with Wireshark
To figure out what Nmap really is doing behind the scenes you can analyze Nmap traffic with Wireshark. Whether Nmap is not showing the expected result or you just want to look at the packets – this is a great network lab. Nmap ping probes analyzed with Wireshark The background to this post is that …
Create a SSRF vulnerable website
Create a SSRF vulnerable website to understand the vulnerability and its implications. While learning to use basic building blocks of a website you can learn what issues developers and defenders face and at the same time learn to detect and abuse SSRF. Create a SSRF vulnerable website – LAB In the lab available at Substack …
Create a XSS vulnerable website
Learn XSS through practice and create a XSS vulnerable website. It is vital for you to know the most common web vulnerabilities. Both if you are working on the defensive blue side or if you are working on the offensive red side. Knowing them and their potential impacts helps you to become a better security practitioner. …
Flask app login vulnerable to SQL injection
In this lab you will create a Flask app login vulnerable to SQL injection. Learn the basics of SQL injection by actually writing code that is vulnerable to it. Hack your own Flask app login page and then rewrite the code to not be vulnerable. The impact of SQL injection could be catastrophic so make …
How to build and hack a simple Flask web app with OWASP
How to build and hack a simple flask web app with OWASP? Well not with OWASP but you can use OWASP as inspiration on what to build and hack. The idea behind this post is to explore web vulnerabilities both as a Bug Bounty hunter or a penetration tester, a SOC analyst / Blue teamer, …
Windows services anomaly detection script
Create your own Windows services anomaly detection script in Python to detect a common technique used by real hackers to gain persistence on your computers. By running a program as a service the program gains persistence – the ability to keep running even if the computer is rebooted. The ability to detect which services are …
Windows DLL anomaly detection script
Windows DLL anomaly detection will help you identify suspicious and malicious DLLs loaded in to innocent looking processes. Learn how to create and modify your own script that finds these anomalies. Create your own Windows DLL anomaly detection script That is the goal of this post – that you will learn how to create your …
Windows processes anomaly detection
Create your own Windows processes anomaly detection tool! In the LAB associated with this post an example for how this tool can be built will be showcased. This is perfect for both the above average computer user that wants to be on top of things and essential for someone wanting to get into cybersecurity or …