Pular para o conteúdo principal

Postagens

Tryhackme - Metasploit: Meterpreter

TryHackMe — Metasploit: Meterpreter Writeup Meterpreter is one of the most powerful payloads included in the Metasploit Framework. It provides advanced post-exploitation features that allow penetration testers to interact directly with compromised systems. This TryHackMe room introduces Meterpreter commands, post-exploitation techniques, credential dumping, file searching, privilege escalation, and system interaction. Warning: For educational purposes only. Task 1 — Introduction to Meterpreter Meterpreter runs entirely in memory and acts as an advanced agent inside the target machine. It allows attackers or penetration testers to: Execute commands remotely; Interact with the file system; Capture credentials; Escalate privileges; Monitor user activity; Perform post-exploitation tasks. Meterpreter supports multiple target operating systems including: Windows; Linux; Android; PHP environments; Python environments. Task 2 — ...
Postar um comentário
Leia mais
Postagens recentes

Tryhackme - Metasploit: Exploitation

TryHackMe — Metasploit: Exploitation Writeup This TryHackMe room focuses on practical exploitation techniques using the Metasploit Framework, including scanning, vulnerability assessment, exploitation, post-exploitation, and payload generation with Msfvenom. Warning: For educational purposes only. Task 1 — Introduction To begin using Metasploit, start the framework with: msfconsole The Metasploit console provides access to scanners, exploits, payloads, post-exploitation modules, and auxiliary tools. Task 2 — Scanning Metasploit includes several modules capable of performing network and service discovery. Port Scanning You can search for available port scanning modules using: search portscan Important Parameters CONCURRENCY — Number of simultaneous targets; PORTS — Port range to scan; RHOSTS — Target IP or network; THREADS — Number of parallel threads. Questions & Answers Q: How many ports are open on the target system? ...
Postar um comentário
Leia mais

Tryhackme  -  Metasploit: Introduction

TryHackMe — Metasploit: Introduction Writeup Metasploit Framework is one of the most widely used tools in cybersecurity, penetration testing, exploit development, and vulnerability research. This TryHackMe room introduces the fundamentals of Metasploit, its modules, payloads, exploits, and how penetration testers use the framework during security assessments. Warning: For educational purposes only. Task 1 — Introduction to Metasploit The Metasploit Framework is a collection of tools designed for: Information Gathering; Vulnerability Scanning; Exploitation; Post-Exploitation; Payload Generation; Exploit Development. Main Components msfconsole — Main command-line interface; Modules — Exploits, payloads, scanners, and auxiliary tools; Tools — Utilities such as msfvenom, pattern_create, and pattern_offset. Task 2 — Main Components of Metasploit Modules are the core of the Metasploit Framework and are designed to perform specific...
Postar um comentário
Leia mais

Tryhackme  -  Moniker Link (CVE-2024–21413)

```html id="n5x2qw" TryHackMe — Moniker Link (CVE-2024-21413) Writeup CVE-2024-21413, also known as Moniker Link , is a critical Microsoft Outlook vulnerability disclosed in February 2024. This flaw allows attackers to bypass Outlook security protections and leak NTLM credentials through specially crafted hyperlinks. This TryHackMe room demonstrates how the vulnerability works, how attackers abuse Moniker Links, and how NTLM hashes can be captured using SMB authentication. Warning: For educational purposes only. Task 1 — Introduction On February 13th, 2024, Microsoft announced a critical Outlook vulnerability identified as CVE-2024-21413 . The vulnerability was discovered by Haifei Li from Check Point Research and affects how Outlook handles specific hyperlink types known as Moniker Links . Attackers can send malicious emails containing specially crafted links that force Outlook to leak the victim's NTLM credentials when interacted with. Question...
Postar um comentário
Leia mais

Tryhackme  -  John the Ripper: The Basics

```html id="p4x7mz" TryHackMe — John the Ripper: The Basics Writeup John the Ripper is one of the most popular password cracking tools used in cybersecurity, penetration testing, and CTF challenges. This TryHackMe room introduces the fundamentals of password cracking using hashes, wordlists, SSH keys, ZIP archives, RAR files, and Linux shadow files. This writeup summarises the main concepts, commands, and practical exercises covered in the room. Warning: For educational purposes only. Task 2 — Basic Terms This room focuses on the extended version of John the Ripper known as Jumbo John , which includes additional features and community-maintained modules. Questions & Answers Q: What is the most popular extended version of John the Ripper? A: Jumbo John Task 3 — Setting Up Your System John the Ripper supports multiple operating systems and includes different editions with varying feature sets. RockYou Wordlist One of the most commonly us...
Postar um comentário
Leia mais

AI Threat Modelling  -  Tryhackme

```html id="m2q8xf" AI Threat Modelling — TryHackMe Writeup As Artificial Intelligence systems become more integrated into enterprise infrastructure, understanding how to model threats against AI environments is becoming a critical cybersecurity skill. This TryHackMe room introduces AI-specific assets, supply chain risks, STRIDE adaptations for AI systems, and modern AI threat frameworks. Warning: For educational purposes only. Task 1 — Introduction This room focuses on AI threat modelling methodologies and explores how traditional threat modelling frameworks evolve to address risks introduced by Large Language Models (LLMs) and machine learning systems. Task 2 — AI-Specific Assets and Attack Surfaces AI systems introduce unique assets and attack surfaces that do not exist in traditional software architectures. Important AI Assets Embedding Vectors — Numerical representations used in RAG systems; Model Registries — Storage systems for producti...
Postar um comentário
Leia mais

Securing AI Systems - Tryhackme

```html id="w8qk2n" Prompt Engineering — TryHackMe Writeup Prompt Engineering is becoming one of the most important skills in the AI era. This TryHackMe room introduces the fundamentals of Large Language Models (LLMs), prompt structure, prompting techniques, and how AI systems interpret instructions. Warning: For educational purposes only. Task 1 — Introduction This room introduces the foundations of Prompt Engineering and explains how modern AI systems process instructions, context, and constraints. Task 2 — LLM Fundamentals Large Language Models (LLMs) process human language by breaking text into smaller units called tokens. Understanding how models interpret prompts is essential for building effective AI workflows. Important LLM Concepts Tokens — Small chunks of text processed by the model; Temperature — Controls randomness and creativity; Top-p — Restricts token selection probability; Context Window — The model's maximum workin...
Postar um comentário
Leia mais