Tunnel traffic through a compromised jump host to reach otherwise unreachable internal networks or hosts (pivot). As seen in network penetration testing environments.

Prerequisite: SSH access to the jump host.
TARGET1 = jump host ; TARGET2 = jump target

Set an SSH dynamic port forward:
ssh -D1080 root@<TARGET1>

Check locally that…

A niche remote code execution via deserialization on Apache Tomcat

Affected versions:

  • Apache Tomcat 10.x < 10.0.0-M5
  • Apache Tomcat 9.x < 9.0.35
  • Apache Tomcat 8.x < 8.5.55
  • Apache Tomcat 7.x < 7.0.104

i.e. versions pre-April 2020

Prerequisites to be vulnerable:

  1. The attacker is able to upload a file with arbitrary…

Buff is a Windows machine rated “Easy” on HackTheBox, weighted toward CVEs. It covers webshells, file transfers and SSH tunnel port forwarding.

After a quick scan for all ports, we see an Apache webserver with PHP on port 8080.

Nmap scan report for 10.x.x.x
Host is up (0.15s latency).
Not shown: 999 filtered…

An often unpracticed Red Team operation scenario involving malicious browser extensions.

For the testing team, the end result is a cloud-hosted C2 server with an operational CursedChrome deployment using Nginx reverse proxy for web session theft.

For the purpose of this assessment, deliberately malicious proof-of-concept extension code is used…

Penetration testing vs red teaming key takeaways & principles

One of the most frequently blogged about topics in the security industry is discussing the key differences and roles of a vulnerability assessment versus a penetration test. With the security industry evolving and organizations slowly adopting their own offensive security capabilities…

The deep web has been gaining mainstream attention and a multitude of blogs have been floating around about the things that could be found on the dark web. There is a lot of confusion over deep web vs. dark web; they are often used interchangeably. In essence the term “deep…

