Skip to main content
February-2024 Updates - New Exclusive Content
Diablo avatar
Written by Diablo
Updated over 6 months ago

We’ve introduced three new exclusive machines, four training machines, and three exclusive Sherlocks to Dedicated Labs.


NEW EXCLUSIVE MACHINES

Sententia:

Difficulty

Hard - Penetration Testing Level 3

Areas of Interest

Endpoint Detection and Response

Technologies

TensorFlow, PyTorch, Flask & Nginx

Languages

C, C++

Skills

EDR Bypass

Atrium:

Difficulty

Very Easy - Penetration Tester Level 1

Areas of Interest

Linux Desktop Applications

Technologies

Atril Document Viewer

Languages

Bash

Skills

CVE Exploitation

CVSS Score

7.8 (High)

DootDoot:

Difficulty

Medium - Penetration Tester Level 2

Areas of Interest

DevSecOps

Technologies

Docker Registry, Gitea, Jenkins

Languages

Java, Bash, Python

Skills

Web Application Exploitation


NEW TRAINING MACHINES

The retired community machines from 20th January to 20th February are detailed below.

  • Drive

    • A hard Linux Machine featuring a file-sharing service susceptible to Insecure Direct Object Reference (IDOR), through which a plaintext password is obtained, leading to SSH access to the box

  • Keeper

    • An easy-difficulty Linux Machine that features a support ticketing system that uses default credentials

  • RegistryTwo

    • An Insane Linux Machine that starts with a web page that presents a web hosting service. Moreover, the Docker registry is exposed and allows anonymous authentication

  • Clicker

    • A Medium Linux Machine featuring a Web Application hosting a clicking game. Enumerating the box, an attacker is able to mount a public NFS share and retrieve the source code of the application, revealing an endpoint susceptible to SQL Injection.


Exclusive Sherlocks

Conned-Again

Difficulty

Easy

Category

DFIR

Technology

Linux, Confluence

In Conned-Again you will be thrust back into the Forela enterprise where a Confluence server has been compromised. Within this Sherlock, you'll investigate 2 exploited CVEs, CVE-2023-22515 & CVE-2023-22527, by analyzing the provided CatScale triage data.

JenkreadD

Difficulty

Easy

Category

DFIR

Technology

Jenkins

JenkreadD is an easy Sherlock that showcases the analysis of an arbitrary file read vulnerability (CVE-2024-23897) in the CLI component of Jenkins 2.441 and earlier, LTS 2.426.2 and earlier, which uses the args4j library to parse command line arguments without disabling its expandAtFiles functionality.

Exitiabilis

Difficulty

Medium

Category

SOC

Technology

Windows, ELK

Exitiabilis is a medium-difficulty Sherlock where you will be provided with the opportunity to investigate the compromise of a corporate environment utilizing HELK. The incident begins with the compromise of Forela's Cisco AnyConnect corporate VPN, followed by the abuse of a Veeam service account utilized for backups. Exitiabilis has been created in collaboration with Hack The Box's partner, Aspire Technology Solutions Ltd, and recreates a closed-source incident witnessed by Aspire's MSSP service.


Looking for more content, features, or a place to leave feedback?

Book your spot for a 15-minute call where we can discuss how to level up your training!

Did this answer your question?