Memorable Client Findings

  • got an SSTI to RCE through FreeMarker Injection in an admin panel. I actually tested the same app two years ago but found this well-hidden vulnerability through newfound OSWE knowledge and simply looking at additional attack surface that was glossed over last time around
  • Internal Penetration Test got a DA service account by spraying P@ssw0rd
  • Fastest DA ever by coercing DC$ to ADCS HTTP endpoint (ESC8) followed by PKINIT for cert swapping then DCSync, client patched it just as quick :stuck_out_tongue_closed_eyes:
  • On a phishing gig early on in the year we managed to somehow beat Microsoft Secure-by-Default using Mimecast, and also turns out NetCraft will whitelist if you ask nicely :sparkles:

Work Changes

  • I became a Senior Consultant at the start of the year, guess I’m somewhat good enough at my job ¯\_(ツ)_/¯
  • Delivered Source Code Reviews for the first time and also spearheaded the service at Sekuro
  • I got a super secret thingy that I was waiting for a while! :wink:

Other Achievements

  • got OSWE!
  • Spoke three months in a row at Bluecon September, Ruxmon October, and Hack.Syd in November! Big personal achievement as I’d never done public speaking prior :)
  • I went on-site for what felt like three engagements in a row, segmentation test, purple team and finally internal pentest
  • learnt how to connect to a NUC via SSH and WireGuard