DevOps Engineer // Security Enthusiast // Something

HackTheBox Surveillance

Initial Enumeration

Port Scan

❯ rustscan -t 1500 -b 1500 --ulimit 65000 -a 10.10.11.245 -- -sV -sC -oA ./{{ip}}.initial

Port  Protocol  State  Service  Reason   Product  Version                  Extra Info
22    tcp       open   ssh      syn-ack  OpenSSH  8.9p1 Ubuntu 3ubuntu0.4  Ubuntu Linux; protocol 2.0
80    tcp       open   http     syn-ack  nginx    1.18.0                   Ubuntu

The initial network scan reveals two ports.

❯ curl -L http://10.10.11.245
curl: (6) Could not resolve host: surveillance.htb

To resolve this site, 10.

HackTheBox Devvortex

Initial Enumeration

Port Scanning

We kick off enumeration with rustscan and look for any services running on the target.

❯ rustscan -t 1500 -b 1500 --ulimit 65000 -a 10.10.11.242 -- -sV -sC -oA ./{{ip}}.initial

The initial scan shows the target listening on ports 22 and 80.

Port  Protocol  State  Service  Reason   Product  Version                  Extra Info
22    tcp       open   ssh      syn-ack  OpenSSH  8.2p1 Ubuntu 4ubuntu0.9  Ubuntu Linux; protocol 2.0
80    tcp       open   http     syn-ack  nginx    1.

Running a Fully Automated Media Server

No Plex Zone

8 years ago I started No Plex Zone. It was a great foray into building my own home lab and learning Linux. I initially just wanted to watch movies and shows on my college campus, and before long my friends asked me if they could also watch stuff on my Plex server. I happily obliged and manually grabbed new releases when asked. This process quickly became unsustainable.

HackTheBox SwagShop

Over a year has passed since I last did anything related to penetration testing. I decided to tackle the SwagShop machine on HackTheBox to ease back into things since it has a nice friendly green “Easy” rating. Note: This post is hidden until the machine is “Retired” to avoid spoilers for the community.

How A Cryptocurrency Miner Made Its Way onto Our Internal Kubernetes Clusters

Medium post: https://medium.com/jw-player-engineering/how-a-cryptocurrency-miner-made-its-way-onto-our-internal-kubernetes-clusters-9b09c4704205

The explosion of cryptocurrency in recent years spurred a wave of exploits targeting unsuspecting machines to mine cryptocurrency for the attackers. Earlier in the year, the JW Player DevOps team discovered one of the aforementioned miners running on our development and staging Kubernetes clusters.

To be clear, our production cluster was not affected, no JW Player customer data was accessed or exposed, and service was uninterrupted. Malicious actors are not always intent on stealing information or taking a website down; they can be just as content (or more so) stealing your compute power. We take any intrusion very seriously though, and wanted to share our findings to help other DevOps teams harden their systems.

This blog post is broken up into several parts: discovery and diagnosis, our immediate response, discovering and replicating the attack vector, damage assessment, and plans for preventative measures to further protect our systems.

VMware SSH Bug

When using VMware to do work on my virtual machines, I came across an annoying bug where all my SSH connections failed:

$ ssh root@52.172.12.100
packet_write_wait: Connection to 52.172.12.100 port 22: Broken pipe