Posted on 08 Feb 2020 in security • Tagged with security, devops, vault • 4 min read

"Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API."

Continue reading

HTB: Craft

Posted on 05 Jan 2020 in security • Tagged with security, boot2root, HTB, git, gogs, api, vault, linux • 6 min read

Craft card

This is a writeup about a retired HacktheBox machine: Craft This box is classified as a medium machine. The user part is quit long and involve to find "secrets" in a git repository, access an API to get a reverse shell and manipulate a MySQL database in a jailed environment. The root part is quit easier and involve to interact with a vault instance.

Continue reading