Category Archives: something different

23May/18

Display All The Claims For A User Visiting Your .NET Core Azure Web App

Regular visitors of this blog are used to seeing PowerShell and DevOps content, and this is a little bit of a divergence since it’s written in C#, and it’s a .NET Core MVC Azure Web App, but if it found itself on my plate, maybe it will find itself on yours. I was tasked with writing an Azure Web App that users would visit, sign into using their Azure Active Directory (ie: “Work or School”) account, to test if their Conditional Access and MFA was configured properly. Once logged in, a little information about the user is displayed.

Here’s how to pop all the claim information for an authenticated user into a Razor Page.

Continue reading

03Jan/18

HackTheBox.eu Walkthrough – Apocalyst

If you’re a frequent reader of my blog, you know that I mostly post about PowerShell, Microsoft related automation, and that sort of thing. In a previous life, however, I thought I wanted to make a career out of infosec – particularly penetration testing and red team type of stuff. I’m super happy with where my career went instead, but from time to time, I enjoy attempting to knock some of the rust off my ethical hacking/pentesting skills (what little of them there are), and trying my hand at some vulnerable by design boxes. Since it’s the holiday season, I decided to switch things up a little bit for the last couple blog posts.

HackTheBox.eu offers a cool variety of vulnerable by design virtual machines for people to practice their pentesting skills against. There are strict rules about sharing spoilers for “active” boxes, but there are only so many of those, and lots of “retired” boxes are available as well. In today’s post I’m going to share a walkthrough of how I did the retired box “Apocalyst”.

Continue reading

27Dec/17

HackTheBox.eu Walkthrough – Blocky

If you’re a frequent reader of my blog, you know that I mostly post about PowerShell, Microsoft related automation, and that sort of thing. In a previous life, however, I thought I wanted to make a career out of infosec – particularly penetration testing and red team type of stuff. I’m super happy with where my career went instead, but from time to time, I enjoy attempting to knock some of the rust off my ethical hacking/pentesting skills (what little of them there are), and trying my hand at some vulnerable by design boxes. Since it’s the holiday season, I decided to switch things up a little bit for the next couple blog posts.

HackTheBox.eu offers a cool variety of vulnerable by design virtual machines for people to practice their pentesting skills against. There are strict rules about sharing spoilers for “active” boxes, but there are only so many of those, and lots of “retired” boxes are available as well. In today’s post I’m going to share a walkthrough of how I did the retired box “Blocky”.

Continue reading

20Dec/17

HackTheBox.eu Walkthrough – Europa

If you’re a frequent reader of my blog, you know that I mostly post about PowerShell, Microsoft related automation, and that sort of thing. In a previous life, however, I thought I wanted to make a career out of infosec – particularly penetration testing and red team type of stuff. I’m super happy with where my career went instead, but from time to time, I enjoy attempting to knock some of the rust off my ethical hacking/pentesting skills (what little of them there are), and trying my hand at some vulnerable by design boxes. Since it’s the holiday season, I decided to switch things up a little bit for the next couple blog posts.

HackTheBox.eu offers a cool variety of vulnerable by design virtual machines for people to practice their pentesting skills against. There are strict rules about sharing spoilers for “active” boxes, but there are only so many of those, and lots of “retired” boxes are available as well. In today’s post I’m going to share a walkthrough of how I did the retired box “Europa”.

Continue reading