Day 8 — Local Kali, Nmap, and a Note on the Coming Week
Set up a Kali VM on my main machine today because I could not stand the input lag from running it on the homelab. Connecting to a remote VM over SPICE works, but stack WiFi latency, Tailscale routing, and SPICE on top of each other and you get a workspace that is generally crappy to use.
Used virt-manager on my laptop with KVM as the hypervisor — same stack as Proxmox underneath, so the workflow is familiar. Installed Kali with the GNOME desktop, the default toolset plus the Top 10 metapackage, and added the OSCP-prep tools I’ll actually need (Bloodhound, NetExec, Impacket, evil-winrm, Responder, ffuf, gobuster, feroxbuster, SecLists, and a few others). Snapshotted a clean baseline once everything was working.
Nmap module on HTB Academy
Spent most of the day finishing the Network Enumeration with Nmap module on HTB Academy. Nmap is a tool I have used before, but the module forced a walkthrough of the actual flag combinations and what each of them does under the hood.
The medium and hard labs in the module gave me trouble, particularly around firewall evasion techniques and source-port manipulation. The exercise that asked me to use ncat with a spoofed source port of 53 to bypass a firewall rule was a useful one. I had to free up port 53 on the system before ncat would cooperate.
I feel as though I have a foundational understanding of firewall rules and how to enumerate around them now!
Maldev Academy progress
Continued working through Maldev Academy last night. The modules covered Windows PE file internals and the broader WinAPI surface. The PE structure is dense, and almost every Windows malware development concept ultimately interacts with the format at some level, whether it is loaders, injection techniques, or persistence mechanisms.
Modules are short enough that I have been able to keep a steady pace on both the HTB Academy modules and the Maldev Academy modules. I think the two tracks complement each other: HTB Academy is offensive methodology and tooling, Maldev Academy is the underlying systems knowledge that makes more advanced tradecraft possible.
A note on next week
I have a Secure Computing midterm Tuesday, a written, proof-based exam covering provable security, the library/interchangeability framework, distinguishers, the hybrid technique, secret sharing, indistinguishability, and PRG security. The material is theoretical and there's nothing to do for preparation other than working through proofs until I have muscle memory.
This weekend will be largely study, with cyber work taking a back seat. No blog content until midweek next week. After the exam I’ll be back to the regular schedule.
But for now, more Maldev tonight!
Eight days in. Things are still new and exciting and I feel ready to keep going. Thanks for reading :-)