My writeup for ‘Objective 10’ is published. I took a different route this year and didn’t cover every Objective, but instead went in-depth on reverse-engineering the infrastructure behind one of the Objectives. I wanted to see how much of a remote environment was discoverable when all an attacker has is the ability to read local files, no command or code execution. In this instance, I was able to re-create the environment enough to replicate it in a local Docker container. It was an interesting challenge, and one I’m sure I’ll be able to use in the future in other engagements.
Dockerfile, all necessary config files and scripts, and the exploit
script I used are on my GitHub