[HackTheBox] Atom

Enumerating the open SMB share shows one interesting .PDF file (the directories client1, client2, client3 were empty). The exploit is utilising a remote code execution in Electron updater. The article is very interesting and can be found here: https://blog.doyensec.com/2020/02/24/electron-updater-update-signature-bypass.html Generate reverse shell payload using Metasploit: Generate a file hash for the reverse shell payload: UploadContinue reading

eLearnSecurity Penetration Testing Student (PTSv3) Review

I recently completed the PTSv3 course and obtained the certification so I thought I’d share my experiences. Initially, I was going to do the Offensive Security Certified Professional (OSCP) certification first but after reading through many reviews I decided against it as my first certification. I stumbled on the eJPT certification training and reading throughContinue reading