hack the box

  • EscapeTwo – A HTB Writeup

    A while ago, I did a writeup on Cicada. In this post, I’ll share my thought process and what I’ve learned solving EscapeTwo. EscapeTwo is the second box in the Attacking Active Directory Track on Hack The Box. So, it’s only natural that I stick with that theme. Enumeration Scanning Every enumeration starts with nmap.

  • What I Learned Failing the BSCP Exam

    I failed my first attempt at the Burp Suite Certified Practitioner Exam (BSCP). It definitely hurt and was a blow to my ego. Especially after having studied so much for months on end. For those who don’t know, the BSCP is an exam based on Portswigger’s Web Security Academy training. It’s 100% practical and tests

  • Building a Recon Toolkit with Docker

    With the rise in popularity of bug bounty hunting, there have been a lot of great tools developed. ProjectDiscovery's suite of tools and contributions made by Tomnomnom certainly come to mind. With the amount of tools, however, comes the complexity of managing them: keeping them up to date, making sure dependencies are installed, keeping your bounty

  • Automating HackerOne Scope Parsing with qsv for Bug Bounty Recon

    Before you start bug hunting on a new program, you need to feed the right assets to the right tools for automated recon. Sorting through the scope and getting your environment set up is a tedious (and delicate) process. No one should want to do this manually. Especially since manual sorting can lead to mistakes. And

  • How to Refine Your Web Application Testing Methodology for Effective Attacks

    When I first started out bug hunting, I was decent at recon and had a sense for what targets I wanted to go after. But once I got to exploring the target, I didn’t have a set methodology. I just wandered around on the site until something caught my eye in Burp. Without a structured

  • Effective Network Scanning with Nmap: A Practical Workflow

    There’s a ton of content about the network mapping tool, nmap, and rightfully so. It’s a powerful tool in the hands of a capable user. But most of the tutorials out there are just regurgitations of the man page or docs in various forms. Many only cover basic usage of the tool that can be
