To a new reader, a quick glance at my writing history would suggest that I am a cyber security engineer which is absolutely correct. But then why would I study for something like CKAD which is mostly aimed at developers and devops engineers?
Devops is one of the fastest growing fields in computer science. Almost everyday a new tool or an update comes up and one has to be on their toes all the time. Being a security guy, my ultimate interest lies in the security of devops i.e. devsecops. What I have come to realise that it’s almost impossible…
Before we proceed : This is not a cyber security related blog , this is just a quick blog of deploying a simple web application with a database attached. It’s actually quite a noobish blog, however I wanted to document the process of deploying the application from scratch (except code which I have stolen from another source). This might become unnecessarily long for some as I’ll be putting in each error I was thrown at and how it was solved, but it’s a necessary lesson to not do anything theoretically and always go ahead and implement something because the struggle…
Back again with the first OSCP look alike box writeup of this year . This box requires a little bit of attention to detail and out of the box thinking not to mention once you figure it out, you would be surprised to see how easy it was ! Let’s get started with this :-
Link to the machine :- https://www.vulnhub.com/entry/double-1,632/
Full nmap port scan:-
Hey guys! Back again with what could possibly be this year’s last documented Vulnhub walkthrough. As usual , the trend has been documenting the OSCP like boxes which might be useful for OSCP aspirants and also in general to keep in touch with my skills acquired from OSCP . This is again a very nice machine from which even I learnt a few useful tips and tricks. Honestly , the box was extremely straightforward and also very real as well! So let’s start !
Full nmap port scan:
What is Trivy?
Trivy is a simple vulnerability scanner developed by aquasecurity for scanning containers and other artifacts .It is mostly used for static analysis. It is suitable to integrate with CI phase of pipeline . Aquasecurity is widely know for building security tools towards container and pipeline security . Trivy is available in github here .
What does Trivy do?
As suggested above, it is a vulnerability scanner which is mostly helpful for detecting container level vulnerabilities and dependencies.At it’s core, it is mostly a CVE scanner useful for finding missing patches and already existing and publicly disclosed vulnerabilities…
This is again a very easy level machine good for beginners and for people who want to keep in touch with your basic skills. Highly recommend it for oscp starters as a practice.
The download link is as given below:
As usual, we start with a full port nmap scan:
So recently I acquired my CRTE. My resolution this year was to acquire my personal big 3 i.e. OSCP,CRTP and CRTE. I am happy to share that in a span of 7 months I have all three supposedly considered top level certifications. It has come at the back of lot of hard work and dedication and I am proud that I was able to clear all these and learn so much quickly all in my final year of bachelor’s degree of college . You can find my reviews for the other certs in my blog list if you want :)
Excellent beginner level machine for OSCP aspirants. Nowadays vulnhub has definitely increased the bar of machines and post a lot of realistic machines (unlike HTB which usually post CTF type machines which are almost impossible to solve for me without a few hints) . Let us solve this machine.
Machine link: https://www.vulnhub.com/entry/bbs-cute-101,567/
As usual , I like to run a full port nmap scan.