Week 2 What I Did This Week This week I found and tested an application off of docker called ‘Plone.’ https://hub.docker.com/_/plone https://github.com/plone/plone.docker The reasons I’d ...

Initial Access - EternalBlue + Metasploit Vulnerability Explanation: The machine is vulnerable to EternalBlue. EternalBlue is an infamous exploit of the SMB port against old Windows machines. A pu...

Objective Active Directory implementation can get complicated. There are many ways to configure it and many scripts that can help with automating the process. I’m going to configure Active Direct...

Initial Access - Default credentials to Apache Tomcat leads to malicious file upload Vulnerability Explanation: The webserver on port 8080 uses Apache Tomcat. The server is using default credentia...

Objective Splunk is a well-known and popular SIEM tool. In this scenario, I will be installing it on the Splunk Ubuntu Server on 192.168.10.10. In order for it to gather information from the othe...

Week 1 Purpose Ever since I began learning about cybersecurity in 2022, there has always been one concept that has stood out ahead of the rest. A word that strikes fear into the hearts of any CIS...

Initial Access - Default Credentials leads to Exposed SSH Credentials on Web Server Vulnerability Explanation: The web application, Request Tracker, on port 80 is running with default credentials....

Objective Setting up a network can be a difficult and tedious process. Especially if you have never done it before. Four main components need to be setup to create the network needed for the scen...

Initial Access - Weak Credentials + Publicly Available Exploit leads to RCE Vulnerability Explanation: The web server on port 80 is running with weak credentials admin:admin. This allows for acces...

Purpose Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides a centralized location for network administration and security, allowing admini...