Lessons Learned from the Legal Aid Agency Data Breach

The MoJ (Ministry of Justice) has disclosed that the LAA (Legal Aid Agency) suffered a data breach last month, in which criminals accessed data relating to hundreds of thousands of people, dating back to 2010. Exfiltrated data may have included “contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments”. According to the BBC, more than 2 million pieces of information were taken, including data relating to “domestic abuse victims, those in family cases and others facing criminal prosecution”. It’s not known whether

The post Lessons Learned from the Legal Aid Agency Data Breach appeared first on IT Governance Blog.

May 22, 2025

Hack The Box: Heal Machine Walkthrough – Medium Difficulty

Writeup Summary: Heal (Hack The Box)

This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

#HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation

The post Hack The Box: Heal Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

May 17, 2025

The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware

The recent DragonForce cyber attacks on the Co-Op, Marks & Spencer and Harrods show the threat of ransomware is as prevalent as ever – and, despite warnings from the attackers that they’re “putting UK retailers on the Blacklist”, it’s obviously not just the retail sector that needs to be concerned. For all organisations, it can be disastrous when systems are encrypted and data is exfiltrated. According to Sophos’s State of Ransomware report for 2024, 59% of organisations were hit by ransomware attacks last year. So what can you do to counter the risk? Ransomware as a service Ransomware is, of

The post The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware appeared first on IT Governance Blog.

May 13, 2025

Hack The Box: Underpass Machine Walkthrough – Easy Difficulty

Successfully completed the “Underpass” machine on Hack The Box! For the user flag, I enumerated SNMP to discover a Daloradius instance, logged in with default credentials, cracked an MD5-hashed password for the svcMosh account, and used SSH to access the user flag in its home directory. To capture the root flag, I escalated privileges by exploiting sudo permissions on mosh-server, obtaining a session key and port to establish a root session and retrieve the flag from /root/root.txt.

#Cybersecurity #HackTheBox #CaptureTheFlag #PenetrationTesting #LinuxSecurity #PrivilegeEscalation #SNMP #Daloradius #EthicalHacking #InformationSecurity

The post Hack The Box: Underpass Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

May 10, 2025

HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.

#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity

The post HackTheBox – BigBang Machine Walkthrough (Hard Difficulty) appeared first on Threatninja.net.

May 3, 2025

Windows 10 End of Life: What Does it Mean for Your Organisation?

And what are the challenges of migrating to a newer system, such as Windows 11? Windows 10 reaches the end of its lifecycle on 14 October 2025. But what does this mean? What are the challenges of migrating to new systems? What are the security implications? And what are the risks of delaying migration? We put these questions – and others – to our head of security testing, James Pickard. In this interview Hi James. So, what does it mean when systems or software reach the end of their lifecycle? End of life is basically when software or hardware products

The post Windows 10 End of Life: What Does it Mean for Your Organisation? appeared first on IT Governance Blog.

May 2, 2025

Hack The Box: Vintage Machine Walkthrough – Hard Difficulty

Introduction to Vintage: In this writeup, we will explore the “Vintage” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Vintage” machine from Hack The Box by…

The post Hack The Box: Vintage Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

April 26, 2025