Vulnhub Boot2Root “PwnLab: init”

The Boot2Root challenge “PwnLab: Init” took me several hours to complete.  Once completed, I reinstalled the OVF and walked through the sequence again (this time taking screen shots) to validate what I had done.  This walk-through details my solution of the “PwnLab: Init” Boot2Root published on August 1, 2016.


While this walk-through looks fairly strait forward it was not in reality.  There were a lot of dead-ends and attempts that didn’t work, or didn’t give me the results I wanted.  Once I found the correct path though, it took only a few minutes to walk through it again and document it with screen shots.

If you have not had a chance to complete the PwnLab:Init challenge on VulnHub STOP READING NOW.  This is a fun challenge and I recommend you try it.

Continue reading “Vulnhub Boot2Root “PwnLab: init””

Selling your Information Security Team

How often have you had to argue or prove the value of your Information Security program to management? Here is an innovative way to do just that (without arguing).

Information Security can be similar to insurance … it’s only discussed when bad things happen and it’s rarely a revenue generating center.  So how does one show return on investment?  I was recently asked to do just that by participating in a presentation to our Board of Directors.  Senior management wanted to show off the new security operation center and the SOC team to the board.  My first thought was: <sarcasm>That is a great idea … they can walk through a SOC and see all the “Security Bling” screens on the wall.</sarcasm>  But after brain storming with the team, we actually came up with a great idea that I will be writing about over the next several weeks.

Continue reading “Selling your Information Security Team”