And here are my thoughts on GrrCon this year. Always ends too soon and takes too long to come back around again. Hope to see everyone again.

redlantern.tech/AAR/

Ligolo-NG is awesome. I'm on the pivot labs on HTB and I've been trying it along with the instructions given. Its really slick.

github.com/Nicocha30/li...

My Notes
github.com/RedLanternTe...

The Book
nostarch.com/metasploit-2...

I recently documented my journey so if I had to do it again, I could. Feel free to check out this link to see how I did it.

Either way, it was a fun challenge and learned a few things. I now I have a lab system with Metasploitable 3, vulnerable MS SQL Server, and the makings of GOAD.

Just a quick post as I don't think I'll do a blog this quarter.

Recently picked up the Metasploit Second Edition Book from No Starch Press. It has been a fun read but the real challenge isn't getting through the book...

It's setting up the test box.

This is Tub and Blue. They simply cannot figure out how to get their tennis ball that fell in the pool. Still 12/10 because they really are trying

I spent the last 3 months improving my Linux Terminal skills and going through HacktheBox academy for red teaming. Its been fun and I hope to keep it up in Quarter 2.

redlantern.tech/Q1HTB/

Congratulations to all who competed in the 2025 Southwest Regional Collegiate Cyber Defense Competition this past weekend: Baylor, Louisiana Tech, Sam Houston State, Texas A&M, UT-Austin, UT-Dallas, UT-San Antonio, and Tulsa.

I started my career fixing computers for people and dealing with customer complaints.

You learn how to empathise with people and communicate effectively.

The technical work isn't the difficult part.

The Lamb Chronicles

Got the User Flag right away.

Ran sudo -l and found php could be ran with no password

Used GTFOBins and found a way to escalate to a root shell.

Simple.

My Process:
Nmap the box `nmap -sC -SV <ip address>`, found the openssh and open Apache Server

Ran Gobuster just for enumeration.

Used Firefox, figured out it was running GetSimpleCMS, Checked Searchsploit and Metasploit. Also found weak password on Admin Page,

Used Metasploit to get a shell

Been going through HackTheBox labs and academy. First time this morning was able to get root without a walk through. Sure, It was the knowledge check one at the end of the first module, and I used Metasploit, but still was a cool feeling. Also found the week password for the admin first. Wild.

We're coming up on 10 years since Jessica Payne gave this talk, and it's still my absolute favorite Windows Firewall presentation I've ever seen

If you help others with Windows Firewall, this is probably the best use of someone's time to learn about it

www.youtube.com/watc...

Trying to find a bounty program that's interesting enough to spend a few months hacking on.

Its Groundhog Day. 4 Years ago I started my Linux journey. Time to reflect on it. redlantern.tech/4YearsOn/

Regardless of what we pour into defensive tech, the weak spot will always be the people using technology. Social engineering is too easy, whether it’s a cyber criminal posing as IT support, a scammer romantic interest or a foreign government or domestic organization manipulating public opinion. /3

Level 12 on OTW Bandit is just plain crazy.

A learning experience and don't be afraid to just look up the solution because you still learn some crazy stuff including file signatures and how bzip2 and gzip are similar.

overthewire.org/wargames/ban...

😏

GitHub - RedLanternTech/tmux: Place to keep my tmux config Place to keep my tmux config. Contribute to RedLanternTech/tmux development by creating an account on GitHub.

Decided to move my tmux configuration to its own git repository.

github.com/RedLanternTe...

I need new hobbies (or revisit old ones). Either way I have found tmux useful doing the Hack the Box labs as I usually have like 5 things going on at once. Special shout out to Learnlinux.tv as that's were the bulk of my stuff came from

github.com/RedLanternTe...

Making the switch to Linux as my daily driver at the start of 2021 has been invaluable. So that is a takeaway, have a solid Linux background before trying out these types of labs.
My other takeaway is Parrot OS is a lean alternative to Kali. Runs great in a virtual machine and has similar tools.

I decided to try out HacktheBox's challenge rooms. Going through their Starting Point Labs first to get a feel of the platform. Overall its been fun but I will say, having Linux experience helps out a lot. There are times when I need to fall back on it to figure out a new utility.

To improve in writing IT Reports, especially Incident Response Reports, focus on expanding your vocabulary and forming better sentences. Consider seeking out books, podcasts, or audiobooks to enhance your skills.

Let's spend Saturday night learning tmux.

Life.

I was able to pull this off with my local conventions (GrrCon and #misecCON), podcats and vendor training provided by my current employer. Throw a random book or two in there and done. Honestly it was all rewarding with the new knowledge I’ve obtained and the friends I’ve made.

When I first got my CISSP, I wondered how I would keep up with the CPE requirement. Considering I got the required 120 hours, 10 months before it was due proves it was possible with good diligence.

Had a great time at #misecCON yesterday. Good people and very informative.