joe tatusko

automate everything

  • HTB: Illumination

    This challenge is looking for access control tokens in a set of provided files while mentioning source control. No one has ever committed an API key to a GitHub repo, right?? Provided Files: When you download the challenge you’re provided with a password-protected zip file with the password. Opening this up, you see a…

    joetats

    January 24, 2023
    ctf, htb
    api key, ctf, git, htb, json
  • TryHackMe: Overpass

    Overpass is an “Easy” rated machine on THM with the goal of getting a user and a root flag. Seems pretty straightforward, only guidance is that the theme is a student-created password manager. Unfortunately we’re taking a look at this a couple years after it was created – there was a THM subscription hidden on…

    joetats

    January 23, 2023
    ctf, tryhackme
    ctf, metasploit, pentesting, priv esc, security, ssh, web
  • TryHackMe: Pickle Rick

    Who doesn’t love Rick and Morty? On this box our goal is to exploit a webserver and find 3 ingredients for Rick to turn back into a human. Once we start it up we should start our recon by looking through the web server. Recon Using BurpSuite and the BurpSuite browser, we can start poking…

    joetats

    January 22, 2023
    ctf, tryhackme
    ctf, linux, pentesting, web
  • Unlocking Protected VBA Projects in Excel

    Note – this was originally published on 09 SEPT 2019 – I’ve slightly updated it to my current Office environment but I’ve added some notes below on how to future-proof it. Amazing how often you’ll need to unlock a VBA project years after you decide you’ll never need to do it again…. VBA is very…

    joetats

    January 19, 2023
    tools
    excel, python, tools, vba
  • TryHackMe: Mr Robot CTF

    This room keeps popping up in my THM ‘todo’ list and I really liked the show (well, the first three seasons. I’m behind.) so it’s probably a good time to give it a go. The first section of tasks is all about connecting your machine to the THM VPN, so once that is knocked out…

    joetats

    January 18, 2023
    ctf, tryhackme
    ctf, pentesting, priv esc, security, wordpress
  • HTB: Templated

    This is a pretty quick challenge which stresses the importance of sanitizing user input – especially with server-side rendering. To start this, select the challenge on HTB and you’ll be provided with a link to a docker container that you can access outside the VPN. Initially the link just shows a little “under construction” page…

    joetats

    January 17, 2023
    ctf, htb
    ctf, pentesting, security, web
  • TryHackMe: Basic Pentesting

    This should be a pretty straightforward box, the details provided note that this will involve brute forcing, hash cracking, service enumeration, and Linux Enumeration. Let’s get started with some recon! Recon Like usual, let’s hit the target with an nmap scan. My initial scan is as follows: This takes a little while, so after making…

    joetats

    January 16, 2023
    ctf, tryhackme
    ctf, pentesting, security, web
  • Joe’s Security Blog

    I had a blog on my site back in 2019-2020 but ended up trimming it down as my focus shifted more to work and other projects that I intended to keep personal. Now that I’ve been diving a bit more into security-related topics I figure it’s a good time to get this going again as…

    joetats

    January 16, 2023
    news
