Route Zero: Security Tools, Tips & Recs

  • Proving Grounds Practice: CookieCutter Walkthrough

    Let’s take a look at CookieCutter, a Try Harder Linux machine on OffSec’s Proving Grounds Practice. We’ll delve into server-side template injection (SSTI) accessed via server-side request forgery (SSRF), reverse-engineer a compiled C binary to uncover plaintext passwords, and escalate privileges by exploiting sudo permissions and setuid capabilities. Buckle up;… Continue ⇢

  • How to Set Up Your Working Environment for Android Pentesting

    Long overshadowed by the traditional focus on network and endpoint security, mobile security is now emerging as a critical priority as attackers increasingly target mobile platforms. Today, I will walk you through the steps of setting up a virtualized working environment to begin auditing Android applications. We’ll start by selecting… Continue ⇢

  • Proving Grounds Practice: Serialrunning Walkthrough

    Today, we will take a look at serialrunning, a relatively new intermediate-level Linux machine on OffSec’s Proving Grounds Practice. Initial Enumeration If you’ve been following our PG Practice writeups for a while, we hope you’ve grown as accustomed to starting off your enumeration with an nmap as Catholics have become… Continue ⇢

  • Top 10 Cybersecurity Myths You Still Believe and Why They’re Costing You

    Cybersecurity is full of myths and misconceptions, and some of them have been around for so long they feel like common knowledge. But just because “everyone says so” doesn’t make it true. These myths don’t just cause minor inconveniences—they can leave your data vulnerable, cost your business millions, and even… Continue ⇢

  • Proving Grounds Practice: Midnight Walkthrough

    Let’s take a look today at Midnight, a Get to Work Windows machine on OffSec’s Proving Grounds Practice that was part of the EXP-301 Labor Day CTF. We will explore enumeration techniques, reverse engineering an executable, identifying buffer overflow vulnerabilities, leveraging information leaks, and exploiting service path vulnerabilities to gain… Continue ⇢

  • Proving Grounds Practice: Access Walkthrough

    Aloha from your friends here at Route Zero! Today we will walk through Access, a Get to Work Windows on OffSec’s Proving Grounds Practice. TIP: Access is one of the best OSCP supplemental practice machines available on Proving Grounds Practice. (I emphasize supplemental because the PWK-200 labs should be your… Continue ⇢

  • Proving Grounds Practice: Nara Walkthrough

    Welcome back! Today, we will guide you step-by-step through enumerating, exploiting, and escalating privileges in Nara, a Get to Work Windows machine in Proving Grounds Practice. NOTE: OffSec notes that this machine is OSEP-level, but I think it is still good practice for OSCP. We will start with enumeration using… Continue ⇢

  • Proving Grounds Practice: Escape Walkthrough

    Welcome back! Today, we’ll walk through Escape, a Try Harder Linux machine in OffSec’s Proving Grounds Practice. Enumeration: Nmap Let’s begin with a simple Nmap scan: Nmap shows that ports 80 and 8080 are open, both running Apache servers but different versions, and port 80 running the default page whereas port 8080… Continue ⇢

  • Proving Grounds Practice: Phobos Walkthrough

    Let’s take a look at Phobos, a Try Harder Linux machine on Proving Grounds Practice. (WARNING: This machine is one of the hardest PG Practice machines ever made—you will get stuck many, many times. But I’d still encourage you to try to solve as much as you can without peeking… Continue ⇢