Kali Command Line Logging

Kali Linux recently switched from the Bash shell to Zsh. I log the output of every command run during a pentest to a logfile, in addition to saving screenshots. Pentesters are frequently asked by the client or Blue Team for information to correlate with SIEM alerts, so it’s a good idea to update your Zsh prompt to include the date, time, and IP address.

Test iOS Apps On Linux

In the past I'd use a Mac when I needed to test iOS apps on a jailbroken device, because on Ubuntu or Kali I'd get an error about needing to mount an Apple Developer Disk Image when trying to use Frida and Objection against an iOS device:

Thick Client Testing

During the kickoff call, ask whether any user input from the thick client app can be viewed in backend web interfaces, or whether there is a web client that complements the thick client. If so, ask whether they want it added to the test. This should be scoped as a separate assessment, as we don't want to give away free work. It also matters because there is a possible attack vector if user input in the thick client is not sanitized and can trigger attacks such as XSS in the web client. On multiple occasions I've submitted XSS payloads in a thick client and found the payload executing successfully on related backend web apps.

Docker For Pentesters

Docker has some very good use cases for pentesters. I cover what Docker is, how to install it, basic usage, and some interesting use cases for penetration testers. This video covers using Docker to run pentesting tools, not how to exploit Docker containers.

Golang Convert CIDR Address To Hosts

The following Golang code demonstrates how to take a network address string in CIDR format and return a slice of strings containing the host addresses. Note that I found this code on the Go Playground (I don't know specifically who to attribute it to), edited it slightly, and added my own comments so that I was sure I understood what the code was doing before posting it here for my notes.

Nessus Exploitable Parser

Nessus-Exploitable is a simple Ruby script that parses Nessus .nessus files and outputs all exploitable vulnerabilities in tab-separated values format for import into Excel.

Configure Pentest Dropbox DNS Tunneling

I was working for a very large corporation with many subsidiaries that was buying up smaller companies. We needed to send out a dropbox (a Raspberry Pi or Intel NUC) that a remote office could plug into its network for internal pentesting, and that would establish an SSH tunnel back to our server regardless of the network restrictions in the remote office.
