Sam Hilliard

hack the box

  • Havoc in Las Vegas – Several Resorts Brought to their Knees by Hackers

    Havoc in Las Vegas – Several Resorts Brought to their Knees by Hackers

    There’s been a ton of buzz over the cybersecurity attack on multiple resorts in Las Vegas. All over social media, people have been posting pictures and videos of downed elevators: The Excalibur elevators are still hacked pic.twitter.com/Q3i4wFErV7 — Las Vegas Locally 🌴 (@LasVegasLocally) September 17, 2023 and slot machines: Current status of MGM Cybersecurity attack

    Read more →

  • Hack The Box: Pilgrimage Writeup

    Hack The Box: Pilgrimage Writeup

    We’re back again with another Hack The Box machine. This time, I hacked Pilgrimage. Although it was listed as an “easy” box, I thought it was a bit more involved than other easy boxes I’ve done in the past. So, let’s get into it! Recon Scanning I started off with a quick TCP scan of

    Read more →

  • Evil Twin Part 2: spying on victims with a MITM attack

    Evil Twin Part 2: spying on victims with a MITM attack

    We’re back with another Evil Twin attack tutorial. This time, we’re going to be building off my last post by adding internet access to the evil twin. So, if you haven’t read it and followed along, do that first before moving on to this post. With internet access provided to our evil twin, we’re finally

    Read more →

  • Hack The Box: SAU Writeup

    Hack The Box: SAU Writeup

    ,

    It’s time I get back into some Hack The Box! I’ve done some machines before but it’s been a while since I’ve hacked the box. So, in the post, I’m going to walk you through my thought process of hacking the SAU machine. This will not simply be a list of commands I used to

    Read more →

  • Building Your Own Evil Twin Access Point from Scratch

    Building Your Own Evil Twin Access Point from Scratch

    ,

    Hello again! It’s been a while but I’m back after a bit of a break! In this post, I’m going to show you how to set up an evil twin wireless access point. This post is going to be part of a series of posts detailing different attacks we can build off of this simple

    Read more →

  • Remote code execution via polyglot web shell upload – Portswigger Web Security Academy Lab Walkthrough

    Remote code execution via polyglot web shell upload – Portswigger Web Security Academy Lab Walkthrough

    , ,

    In this lab, we will bypass simple file validation to upload PHP code. I found this lab particularly interesting because the bypass involved injecting code into an image’s metadata. This is a technique I was unfamiliar with before attempting to solve this lab and I thought it was pretty cool. So, let’s get into my

    Read more →