Category: Persecure

  • Azure Recon to Foothold and Profit

    Azure Recon to Foothold and Profit | Pwned Labs Learning outcomes Real-world context Threat actors may utilize leaked information, whether unintentionally disclosed, intentionally pasted online or sold on the dark web, in conjunction with tactics like credential stuffing and password spraying to try and gain initial access. Once inside the network, they may leverage management…

  • Loot Exchange, Teams and SharePoint with GraphRunner

    Scenario Your red team is on an engagement and has successfully phished a Mega Big Tech employee to gain their credentials. So far increasing access within Azure has reached a dead end, and you have been tasked with unlocking further access. In scope is the entire on-premises and cloud infrastructure. Your goal is to gain…

  • Azure Blob Container to Initial Access

    Scenario Mega Big Tech have adopted a hybrid cloud architecture and continue to use a local on-premises Active Directory domain, as well as the Azure cloud. They are wary of being targeted due to their importance in the tech world, and have asked your team to assess the security of their infrastructure, including cloud services.…

  • HackSmarter: ShareThePain

    Scope and Objective Objective: You’re a penetration tester on the Hack Smarter Red Team. Your mission is to infiltrate and seize control of the client’s entire Active Directory environment. This isn’t just a test; it’s a full-scale assault to expose and exploit every vulnerability. Initial Access: For this engagement, you’ve been granted direct access to the internal network but no…

  • HackSmarter: Slayer

    Objective and Scope Following a successful social engineering engagement, you have obtained user-level credentials for a corporate workstation. Your objective is to leverage this initial access to perform deep reconnaissance on the internal Windows host. The final goal is to escalate privileges and capture the root flag from the administrator’s directory to demonstrate full system…

  • HackSmarter: Ascension

    Scenario This is the Capstone Challenge for Ryan’s Hacking Linux course on Simply Cyber Academy. As a result, this lab isn’t strictly focused on realism, but rather teaching proper enumeration, lateral movement, and privilege escalation on a Linux machine. There are 6 flags on the machine (you can see the location of each by clicking the…

  • HackSmarter: Welcome

    Objective / Scope You are a member of the Hack Smarter Red Team. During a phishing engagement, you were able to retrieve credentials for the client’s Active Directory environment. Use these credentials to enumerate the environment, elevate your privileges, and demonstrate impact for the client. Network Enumeration Add the domain names to the /etc/hosts file…

  • Hacksmarter: Arasaka

    Arasaka Objective and Scope You are a member of the Hack Smarter Red Team. This penetration test will operate under an assumed breach scenario, starting with valid credentials for a standard domain user, faraday. The primary goal is to simulate a realistic attack, identifying and exploiting vulnerabilities to escalate privileges from a standard user to a…

  • HTB: Cicada

    Cicada is an easy-difficulty Windows machine that focuses on beginner Active Directory enumeration and exploitation. In this machine, players will enumerate the domain, identify users, navigate shares, uncover plaintext passwords stored in files, execute a password spray, and use the `SeBackupPrivilege` to achieve full system compromise. Network Enumeration The initial step we take when assessing…

  • LetsDefend: MSHTML

    First, let’s transfer the challenge files to our sandbox. The tools used in this lab can be obtained from https://github.com/DidierStevens/DidierStevensSuite. Examine the Employees_Contact_Audit_Oct_2021.docx file, what is the malicious IP in the docx file? Before starting our analysis, let’s use the file command to determine the type of files we’re dealing with. Microsoft OOXML is an…

  • LetsDefend: Batch Downloader

    A malicious batch file has been discovered that downloads and executes files associated with the Laplas Clipper malware. Analyze this batch file to understand its behavior and help us investigate its activities. First, let’s transfer the challenge file to our sandbox environment and verify that it is indeed a batch file. Next, we can examine…

  • LetsDefend: Bash Script

    The SOC team uncovered a suspicious bash script linked to a critical Hadoop YARN cluster that handled large-scale data processing. This script was flagged for further investigation by L1 SOC analysts, who suspected it could be a potential breach. You have been tasked to analyze the bash script to uncover its intent. File location: /root/Desktop/ChallengeFile/sample.7z File…

  • AS-REP Roasting in Active Directory

    AS-REP roasting is a technique used in Active Directory (AD) environments that attackers leverage to extract and crack user passwords, specifically for accounts that do not require pre-authentication. It targets weaknesses in the Kerberos authentication protocol, which is the backbone of AD authentication systems. How Kerberos Works Kerberos is a network authentication protocol that uses…

  • Pivoting with Ligolo-ng

    Pivoting from an external network to an internal network can seem quite daunting, especially for those who are new to the field of cybersecurity. In this article, I’ll explore how leveraging the tool Ligolo-ng can significantly ease this transition. However, understanding why pivoting is necessary and how it works with the required endpoints is crucial…

  • Docker Basics 1

    Docker is a tool for containerization, enabling you to run applications in isolated environments. In this blog, we’ll cover the basics of Docker commands and demonstrate how to run a static website on your local host while binding it to a specific port. docker pull downloads container images from a registry to your local system.…

  • Phishing email Playbook

    I ventured into creating a phishing email playbook for a SOC, leveraging the NIST framework. Developing SOC playbooks can be challenging, requiring meticulous attention to detail. It’s hard to fathom the complexity that awaits when tackling even more advanced playbooks. Preparation Phase During the preparation phase, the goals are twofold: firstly, to ensure that the…