HTB Sniper machine walkthrough. From an initial LFI/RFI foothold within the company website, to abusing malicious Windows help files, Sniper presents the story of a disgruntled developer and their middle finger to the Administrator/CEO on their way out. Sniper was a fun machine with a new angle on the RFI approach I had not used before and allowed me an opportunity to work with CHM files, something I previously also had not done.

HTB Forest machine walkthrough. Forest started with Windows enumeration using SMB and LDAP queries that lead to leveraging a lingering service account with PRE_AUTH disabled for user access. Once on the machine, we were able to abuse the existing Active Directory entitlements to create a malicious user entry with the rights to perform a DCSync using Mimikatz to acquire the Administrator's hash, finally using it to execute a pass-the-hash escalation to Administrator.

HTB Postman machine walkthrough. Postman was a quick, simple machine from HTB. We start off with a redis exploit for initial foothold, then pivot to user by using JTR to crack a backup SSH key before finally using an authenticated Webmin exploit to escalate ourselves to root.

Starting with a client side XSS exploit to get admin app credentials, then chaining it with a localhost code execution bypass we get a user priviledged shell. A suspicious app running locally as System then presented a ... delicate ... buffer overflow opporunity to pivot into System priviledges.

HTB Zetta machine walkthrough. Starting with an FTP FXP IPv6 leak, to an rsync brute-force for user access to the machine. Once on, chained custom syslog messages with a postgres SQL injection to pivot user access. Finally, a dubious password policy leads to using discovered credentials and adapting them to the root password for system level access.

An introductary look into Quantum Computing including the mechanics, concepts and mathematics involved. The focus will then shift to a practical implementation of these concepts using simulated environments and the qiskit python framework.