Week #6 Now or Never

What Happened Last Week?

  • Completed reporting tasks
  • Got injured
  • I will be leading CVE now in teams
  • Achieved a 100-day streak on Duolingo
  • Found some bugs
  • Played HTB a lot
  • Read some frustrating reports
  • Started the BSCP journey with authentication issues
  • Completed HTB Mini Pro Lab “FullHouse”
  • Kicked off the 100 Days Challenge

Done with the Project!

The exam our company conducted at the end of January is now submitted along with the report. It was a hell of a task, and I’m glad it’s finally done! As I mentioned earlier, the web machine wasn’t that difficult, but the Linux privilege escalation was a nightmare. However, we still managed to get root access. The report was a team effort, and even though I got injured, I still managed to get it done.


I Got Injured – Hell Nooo

Silly mistakes and stupid moves always end up in injuries! I was doing some bad exercises, followed by freestyle moves, and ended up hurting myself. At that moment, I didn’t realize it, but once my body got into rest mode, it felt like my right hand was gone! There’s still pain, but I can bear with it. :)


CVE Leading

I hope to lead the CVE reproduction and finding section in my company.

Why am I doing it?
When I started, they assigned me five CVEs, and I pulled them off in just two weeks. It was easy since public exploits and documentation were available. But now, I hope to start finding my own CVEs. I’ll share more soon!

I know very few people read all this, but I prefer to have only quality people around me.


100 Days on Duolingo

Wow! Talk about being consistent with language learning. I’m learning Russian and Spanish, both for personal reasons.

It’s obvious that I want to travel. However, I don’t think I can make it this year because I feel there’s still a lot I need to accomplish before going into “wild mode.”


Bugs GG

Well, I actually found 4 bugs during pentesting:

  • OTP bypass without rate limit (2FA)
  • .git exposed
  • Open redirection
  • Business logic error
  • I’m currently trying to exploit a file upload vulnerability, but no luck yet

I want to write a lot about them, but check my Twitter—I’ve shared everything there.


Reports Reading

I was reading a report on Xvideos, and boom—I closed the tab! The report was something I didn’t expect people to get a bounty for, but apparently, bypassing HackerOne’s security measures gives an edge to internal teams.

What I feel is that triage teams or whoever receives your report don’t care about you personally—it all comes down to how you present it and its severity.


Started the BSCP

I’ve started my BSCP journey! One of my friends has already done it, so I also decided to take it on as a test.

To complete it, I need to go through all the labs and then take the exam. So far, I’ve completed the authentication lab, and now I’m working on broken access control. The plan is to tackle server-side issues first before moving on to client-side ones.


Doing HackTheBox!

Today is February 9, and I still have a long list to complete. I need a better plan to prepare myself. There are so many cool challenges and machines I want to finish before my subscription expires.

If I can’t complete them in time, I’ll purchase a new subscription! But funnily enough, I’ve never bought anything online before—my account got blocked, so maybe it’s finally time to fix that.


100 Days Challenge to Change My Life

Sounds weird, right? But yeah, I’m doing it!

To cut out distractions, I will reduce unnecessary activities and avoid wasting time. This challenge is going to be tough—both mentally and physically.

I want to reach the next level, so I won’t be posting anything for weeks. Instead, I’ll just write a blog on Twitter when the time is right. No drama, just pure focus.

This challenge includes:

  • Learning 3-4 hours daily
  • Testing my skills for 4 hours daily
  • Reading reports
  • Meditation
  • MMA training
  • Pushing my limits
  • Staying serious but happy—smile through the grind
  • Writing handwritten notes (I have a notebook, and I will complete it!)


Anger Issues & The Bigger Picture

People close to me know about my anger issues. In the real world, it’s something I struggle with a lot, and I want to get rid of it.

That’s why I’m doing this challenge—along with the money factor, which I can’t ignore. So, discipline and consistency are key!

And lol, if you think I work too much—nah, I also relax. Right now, I’m watching Hajime no Ippo—a must-watch anime!


That’s it for the week—see you in the next one!

This post is licensed under CC BY 4.0 by the author.