/ Recent content on The Hydra's Head Hugo en Mon, 25 Sep 2023 21:00:00 +0200 /posts/thm-certain-doom/ Mon, 25 Sep 2023 21:00:00 +0200 /posts/thm-certain-doom/ Link: https://tryhackme.com/room/certaindoom Difficulty: Hard Creator: Hydragyrum Old Components Lead to Certain Doom! Link to heading Welcome back to a brand new room on TryHackMe. After a bit of a hiatus, I built this room on and off again after seeing a cute exploit during a local CTF at work. The premise is straightforward: The user sees a seemingly innocuous website which has a few secrets hidden behind. First Steps: Reconnaissance Link to heading Once we’ve booted the machine up and waited a few minutes, we hit the target with a simple nmap scan. /posts/thm-shaker/ Fri, 17 Dec 2021 15:00:00 +0100 /posts/thm-shaker/ A Devious Challenge for a Modern 0-day Link to heading The recent log4j exploit made waves in the Java world when a major exploit using a relatively obscure part of the language was discovered. In this room, we’ll exploit this exploit in several different ways and see what’s hiding behind this seemingly innocuous website. Reconnaissance Link to heading Once we’ve booted the machine, let’s see what’s on there. Using nmap this time, we’ll perform the scan in 2 parts. /cv/ Tue, 19 Oct 2021 10:09:54 +0200 /cv/ Adam Bertrand Software Engineer About Me I am a long-time software developer with over 15 years of experience in developing bespoke solutions for clients in a wide array of industries. Over my career I have used various technology stacks in C/C++, Java, HTML/CSS/JavaScript, and Python among others. I have recently also become very interested in secure development practices and cybersecurity in general. Contact Info hydragyrum @ gmail.com Work Experience Pentester 2024-Present Abicom Test software systems for vulnerabilities Provide advice to implementers on how best to secure vulnerable systems Analyze and validate recent vulnerabilities and exploits Information Security Correspondent 2023-2024 Accenture Accompany development teams to aid with security issues Follow up on penetration testing issues Communicate Secure By Design best practices to development teams Relay important security information to the development teams Technical Lead 2019-Present Accenture Continuously seek out best practices and improve the state of the art Provide technical direction for the project. /posts/cybersec-with-tryhackme/ Mon, 05 Jul 2021 22:00:00 +0200 /posts/cybersec-with-tryhackme/ Making Learning Fun and Easy! Link to heading Do you want to learn about cybersecurity, but are too afraid to jump in? Does learning the basics feel like an overwhelming challenge? Do you just want to learn a little bit more about how computers and the Internet work? If you answered yes to any of these questions, then I have some great news for you! TryHackMe, A CyberSecurity training platform has released a brand new “Pre-Security” Learning Path. /posts/from-ctf-to-cve/ Mon, 10 May 2021 23:00:00 +0200 /posts/from-ctf-to-cve/ An Unexpected Journey Link to heading So this post was originally going to be a writeup of the Year of the Jellyfish Room on TryHackMe (created by the ever devious MuirlandOracle), but it morphed into something much more interesting (The writeup is still on the table though :)). In the Beginning Link to heading So the Year of the Jellyfish starts off innocently enough with some basic recon. The twist with this room is that it has a public IP address, but I didn’t let that stop me too much. /posts/thm-git-and-crumpets/ Fri, 16 Apr 2021 23:00:00 +0200 /posts/thm-git-and-crumpets/ Further Adventures in Version Control Link to heading Version control is an extremely useful tool in the coder’s arsenal. Git has since emerged as the clear winner of the version control wars (until the next great thing comes around, programmers have the attention span of a ferret ;)). One of the cool things about git is it’s distributed nature, yet as we all know, actually sharing a repository with others is a pain. /posts/thm-overpass3/ Mon, 25 Jan 2021 22:50:00 +0100 /posts/thm-overpass3/ Link: https://tryhackme.com/room/overpass3hosting Difficulty: Medium Creator: NinjaJc01 Overpassed? The Story so Far… Link to heading While the original Overpass room (Writeup here) dealt with Password Managers, they were unfortunately hacked in Overpass 2 (Which is an excellent blue-team walkthrough). Since then the password manager went bust and the company has switched to web hosting in Overpass 3 Surely nothing can go wrong! Looking Around Link to heading So as always, we start by looking at what’s on our target. /posts/thm-the-great-escape/ Thu, 07 Jan 2021 09:00:00 +0100 /posts/thm-the-great-escape/ Docker, Networks, and Container Escapes; Oh My! Link to heading In my second room, I wanted to explore the concept of a Docker Escape. Docker is an extremely useful tool which allows us to isolate applications from each other and the host OS without having to resort to virtual machines. Properly configured it can be very secure, though misconfigurations can introduce massive security holes, which we shall soon see. /posts/thm-git-happens/ Fri, 24 Jul 2020 22:00:00 +0200 /posts/thm-git-happens/ Link: https://tryhackme.com/room/githappens Difficulty: Easy Creator: Hydragyrum Adventures in Version Control Link to heading Version control is awesome, it really is! Especially Git. But sometimes, site admins or devs make stupid mistakes, and one of these mistakes is failing to cleanup after one’s self when deploying. In this simple room, the goal is to figure out which username and password combination will unlock the rest of the site. So let’s get cracking. /posts/thm-overpass/ Sun, 19 Jul 2020 21:45:00 +0200 /posts/thm-overpass/ Link: https://tryhackme.com/room/overpass Difficulty: Easy Creator: NinjaJc01 5 Bros and a Password Manager Link to heading So password managers are all the rage these days, how hard can it actually be to create one? This beginner-level Capture the Flag room on the excellent TryHackMe site can show us. Overpass is the fruit of the labours of 5 broke college students trying to capitalize on the password manager craze. What can possibly go wrong? /posts/thm-mindgames/ Sat, 13 Jun 2020 22:11:29 +0200 /posts/thm-mindgames/ Link: https://tryhackme.com/room/mindgames Difficulty: Medium Creator: NinjaJc01 The Madness Returns Link to heading Descent into madness with this expert-level Capture the Flag game from TryHackMe. Mindgames is a new (at the time of writing) free room, pushing your skills, and your mind to the breaking point. There are no guides here, so it’s up to you to research and root the machine to find both flags. I highly recommended to try the Wonderland room before this one. /posts/thm-wonderland/ Mon, 08 Jun 2020 22:08:00 +0200 /posts/thm-wonderland/ Link: https://tryhackme.com/room/wonderland Difficulty: Medium Creator: NinjaJc01 Adventures Down the Rabbit Hole Link to heading Follow the white rabbit and dive into this intermediate-level Capture the Flag game from TryHackMe. Wonderland is a new (at the time of writing) free room, testing your privilege escalation mettle using various techniques. There are no guides here, so it’s up to you to research and root the machine to find both flags. As usual, all flags and passwords have been removed to preserve the suspense. /posts/thm-simple-ctf/ Fri, 05 Jun 2020 09:40:23 +0200 /posts/thm-simple-ctf/ Link: https://tryhackme.com/room/easyctf Difficulty: Medium Creator: MrSeth6797 A Simple Capture the Flag From TryHackMe Link to heading Simple CTF Is an easy-level boot-to-root (b2r) machine hosted by the excellent TryHackMe site. This challenge has us exploiting a poorly configured CMS to gain access to the host machine. The task questions guide us through the path to exploit the machine and provide some hints as to where to look. Flags and passwords have been removed to keep the suspense :) /about/ Fri, 05 Jun 2020 00:10:02 +0200 /about/ This is my blog. There are many like it, but this one’s mine /posts/first-post/ Fri, 05 Jun 2020 00:09:54 +0200 /posts/first-post/ Hello, World!