🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

3 years of study, a placement year and now into full time work. Uni is over and I'm happy to say I acheived a first-class degree in Computer Science from the University of Sheffield!

Happy to wake up to an email from OffSec. That was a tough exam but Iit was worth the effort to get my #OSCE

It has been a while... jirbj just owned root on Buff ! hackthebox.eu via Hack The Box

And another jirbj just owned root on Time ! hackthebox.eu via Hack The Box

jirbj just owned root on OpenKeyS ! hackthebox.eu via Hack The Box

jirbj just owned root on Omni ! hackthebox.eu via Hack The Box

My 100th HTB machine, was a fun one too jirbj just owned root on Worker ! hackthebox.eu via Hack The Box

Finally caught up with Hack The Box writeups. ~25 new ones are now live at blog.barradell-johns.com/index.php/cate…. Lots of fun machines included! But, I need to stay on top of them better in future.

Always feels good to get a cert result email, thanks for the great intro to AD security Pentester Academy

Checked my email this moring and found that I passed OSWE. Thanks OffSec, probably my favourite course so far!

New work equipment arrives tomorrow, starting on Tuesday. That became very real, very quickly. Excited for the new challenges though!

Week one done. Looking forward to all the new challenges and getting stuck in!

1/5 We are hosting a free Bakery-themed Capture The Flag competition Saturday 15th May - Monday 17th May where you can win a Raspberry Pi! Make sure to sign up before 7pm Friday 14th May to ensure you get an account for the CTF. Students from any UK University are free to enter.

Catching back up, then I have to catch up on writeups too.... jirbj just owned root on Monitors ! hackthebox.eu via Hack The Box

BeaconEye: My first defensive tool release for my #DFIR friends. Detects and monitors beacon command output. Should be considered alpha at this stage and appreciate any feedback on undetected beacons. github.com/CCob/BeaconEye

A post from our Jack Barradell on why ensuring that Azure Entra ID MFA policies are set correctly. Things to consider: Unexpected patterns of use e.g. logons from Linux or macOS & Make sure you log and can react to out-of-band behaviour. There's loads more... pentestpartners.com/security-blog/…

Time to be terrified. I've just dropped my Okta Terrify tool which I demonstrated as part of my BSides Cymru talk last week. You can now backdoor compromised Okta accounts via Windows Okta Verify using attacker controlled passwordless keys. Enjoy - github.com/CCob/okta-terr…

A 32TB SSD for £21?! Bargain, or maybe not. Our Jack Barradell is no stranger to AliExpress, but this purchase was something else. Actually something else - Dodgy disks. My 32TB SSD Adventure pentestpartners.com/security-blog/…

Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨   One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...   It opened the door to credentials,

Our Red Team found multiple ways to get around SharePoint’s “Restricted View” and exfiltrate data. Here's how... Jack Barradell walks through Red Team methods using OCR and screenshots, Copilot, browser tricks, and HTML scraping to keep and collect data. No matter the file type