Archive for the ‘cybersecurity’ Category

HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory

Thursday, August 22nd, 2024

In this video presentation, which is part of Hancock’s VMware Half Hour, I will show you HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory. I will demonstrate the exposure and discuss how to avoid it.

In this video demonstration the ESXi servers are ESXi ARM 7.0, but the same functionality has been built into ESXi since 5.1.

On the 29th July 2024, Microsoft discovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.

This publication is here – https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

VMware vExperts – Christian Mohn wrote about it here – VMware vSphere CVE-2024-37085 – A Nothing Burger

and Bob Plankers goes into more detail here – Thoughts on CVE-2024-37085 & VMSA-2024-0013

Please have a read of these publications.

Broadcom have issued updates and fixes to vSphere 7.0 and 8.0, and VCF 4.x and 5.x only. There is no security update for 6.7.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505


An Incredible 8-Month Journey with TryHackMe – Transformative Learning Experience!

Friday, August 16th, 2024

Over the last 8 months, I have thoroughly enjoyed using TryHackMe as my go-to platform for learning pentesting, hacking, and cybersecurity. The experience has been nothing short of transformative, providing me with hands-on, practical skills that go far beyond theoretical knowledge.

TryHackMe offers an engaging and immersive learning environment, with a vast range of labs, challenges, and guided paths that cater to learners at all levels. Whether you’re just starting out or already have some experience, the platform provides a structured yet flexible approach that allows you to learn at your own pace.

One of the aspects I’ve appreciated the most is the way TryHackMe breaks down complex topics into manageable, easy-to-understand segments. The interactive labs have given me the confidence to apply what I’ve learned in real-world scenarios, which is invaluable for anyone serious about a career in cybersecurity.

The community and support on TryHackMe are also fantastic. With active discussions, helpful hints, and a supportive network of learners, I never felt stuck or overwhelmed. The team behind TryHackMe continuously updates and expands the content, ensuring that the learning experience stays fresh, relevant, and challenging.

In just 8 months, TryHackMe has significantly advanced my knowledge and skills in pentesting and cyber security. I can’t recommend it highly enough to anyone looking to dive into this field—it’s an indispensable resource that makes learning not just effective but genuinely enjoyable!

Einsteinagogo completes all current 13 TryHackMe Learning Paths!

Finally after many many hours, which I started in January 2024, I have now completed all the TryHackMe Learning Paths, of which there are 13 in total to date, and I went back and completed SOC Level 1, which had been added to.

Also earned 60 badges out of a total of 74, although 74 I think is now impossible as some badges are legacy!

So here’s a timeline of how I did them

  1. Introduction to Cyber Security – 9th April 2024
  2. Pre Security – 15th April 2024
  3. Complete Beginner – 25th April 2024
  4. Jr Penetration Tester – 15th May 2024
  5. CompTIA Pentest+ – 17th May 2024
  6. DevSecOps – 26th May 2024
  7. Cyber Defense – 17th June 2024
  8. SOC Level 1 – 23rd June 2024
  9. Offensive Pentesting – 26th June 2024
  10. Red Teaming – 30th June 2024
  11. Security Engineer – 11th July 2023 – Time to Complete 64 Hours and 30 minutes
  12. Web Fundamentals – 1st August 2024 – Time to Complete 16 hours 35 minutes
  13. SOC Level – 16th August 2024 – Time to Complete 68 hours 50 minutes

What next? A rest! There are still some badges which elude me, and another 500+ rooms I’ve not completed, and I’m not in the Top 500 yet!

 


einsteinagogo’s Realtime TryHackMe Badge

Friday, August 16th, 2024

einsteinagogo TryHackMe Badge


Boogeyman Slayer Badge Awarded from TryHackMe SOC Level 1 Training Path Certification

Wednesday, August 14th, 2024

Another badge awarded from TryHackMe. This is a recently new badge, as TryHackMe recently updated the SOC Level 1 Training Path Certification, which I completed in June 2024. I’m currently 50% of the way through SOC Level 2, so I went back to complete the additional rooms and gain a group of new badges!

Boogeyman Slayer

SOC Level 1 Certificate


28 More badges earned from @RealTryHackMe in 4 months!

Tuesday, August 13th, 2024

My TryHackMe Profile

So in the last four months since my last posts, I’ve earned another 28 badges and there they are! When I started this THM journey in December 2023, I was Ranked 55,648 out of approximately 3 million THM Hackers!

Latest badge shows I’m now Ranked 1750 and in the Top 1%! It would be nice to get into the Top 500!


17 More badges earned from @RealTryHackMe in 3 months!

Tuesday, April 23rd, 2024

So I’m trying to build up a 180 day hacking streak at TryHackMe, so in the last 3 months, I’ve earned a total of 17 new badges, and here they all are!


Some new badges earned from @RealTryHackMe

Monday, January 8th, 2024

For the past 5 years, I’ve been completing the AoC (Advent of Cyber), which is 24/25 days of cyber “hacking” tasks, every day leading up to Christmas Day. These are the new badges I’ve earned for 2023.

This year was a special year, because not only did THM have the usual AoC, they also had some insanely difficult Side Challenges. Completing a single challenge earned this badge from TryHackMe.

Completing ALL four challenges earned this badge.
