Memorable Client Findings
- got a SSTI to RCE through FreeMarker Injection in an admin panel. I actually tested the same app two years ago but found this well-hidden vulnerability through newfound OSWE knowledge and simply looking at additional attack surface that was glossed over last time around
- Internal Penetration Test got a DA service account by spraying P@ssw0rd
- Fastest DA ever by coercing DC$ to ADCS HTTP endpoint (ESC8) followed by PKINIT for cert swapping then DCSync, client patched it just as quick
- On a phishing gig early on in the year we managed to somehow beat Microsoft Secure-by-Default using Mimecast, and also turns out NetCraft will whitelist if you ask nicely
Work Changes
- I became a Senior Consultant at the start of the year, guess I’m somewhat good enough at my job ¯\_(ツ)_/¯
- Delivered Source Code Reviews for the first time and also spearheaded the service at Sekuro
- I got a super secret thingy that I was waiting on for a while!
Other Achievements
- got OSWE!
- Spoke three months in a row at Bluecon September, Ruxmon October, and Hack.Syd in November! Big personal achievement as I’d never done public speaking prior :)
- I went on-site for what felt like three engagements in a row, segmentation test, purple team and finally internal pentest
- learnt how to connect to a NUC via SSH and Wireguard