TL;DR
While working on the RTO course tooling, I found Skillable’s SCORM lab launch path trusted a userId the browser supplies for allocation, while validating only the SCORM token. Changing that
TL;DR
While working through CRTO, I found pwnlift exposed through passwordless sudo on the team server VM. The upload handler permitted arbitrary file write as root via symlink traversal, and the first
I bought Red Team Ops on 30 July 2020, order #00531, £649 plus VAT. Canvas LMS access, shared VPN labs, both Covenant and Cobalt Strike taught as C2 options. The Cobalt Strike trial