“A collection of professional cybersecurity assessments, adversarial simulations, and technical reports documenting real-world attack paths.”
Title: Security Assessment — SMB Remote Code Execution (Lab Exercise)
Author: Basil Imran (Mr BB)
Date: 2025-09-20
Scope: TryHackMe Lab — isolated training environment (Target: Windows 7, 6.1 Build 7601, Service Pack 1)
Authorisation: Exercise performed within TryHackMe lab environment (authorised). No production systems were tested.
This document summarizes a learning exercise in which a vulnerable Windows host in an authorized TryHackMe lab was exploited via a known SMBv1 vulnerability (EternalBlue, CVE-2017-0144, fixed by Microsoft in bulletin MS17-010 of March 2017). The purpose was educational: to practice a safe exploitation workflow and post-exploitation enumeration.
Service: SMB (Server Message Block)
Host: Windows 7 (lab environment)
Exposure: SMB ports 139/445 reachable on lab network
Successful exploitation gives an unauthenticated remote attacker code execution as NT AUTHORITY\SYSTEM, i.e. full control of the host. In real-world scenarios this results in data theft, credential exposure, lateral movement, or ransomware deployment; the WannaCry and NotPetya outbreaks of 2017 spread through this same vulnerability.
Evidence:
Nmap output showing SMB on ports 139/445 and an OS/version banner (Windows 7 SP1) consistent with a host missing MS17-010.
Post-exploitation screenshots showing the Meterpreter session and the acquired lab flags (text files). Exploit code and sensitive data are not included.
Methodology:
Performed service discovery with Nmap to confirm SMB exposure on TCP 139/445 and the OS version.
Used the Metasploit MS17-010 exploit module, in the isolated lab only, to demonstrate remote code execution.
Obtained a shell as SYSTEM, upgraded it to a Meterpreter session, enumerated shares and users, and read the lab-specific flag files.
Note: Detailed exploit commands, payloads, or PoC code are intentionally omitted to avoid enabling misuse.
Immediate actions:
Apply MS17-010 (for Windows 7 SP1: KB4012212 security-only update or KB4012215 monthly rollup) and all subsequent Windows updates. Windows 7 left extended support in January 2020, so the durable fix is migration to a supported OS.
Disable SMBv1 where not required; EternalBlue targets the SMBv1 server driver (srv.sys), so a host with SMBv1 disabled is not exploitable by it even if unpatched.
Restrict SMB access (TCP 445, and 139 for NetBIOS) with host and network firewall rules so that only trusted hosts can reach it. Enforce SMB signing as well, with the caveat that signing does not block MS17-010 (the flaw is reachable before authentication); its value is defeating NTLM relay to SMB, a common follow-on lateral-movement technique.
Longer-term controls:
Network segmentation to prevent SMB exposure across trust boundaries.
Endpoint detection for abnormal process spawning (e.g. system services such as spoolsv.exe or lsass.exe starting cmd.exe, which is how the public exploit's payload surfaces) and network detection for SMBv1 sessions from unexpected sources.
Regular vulnerability scanning and patch management.
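The following PowerShell script is an added example written for this page, not part of the original report, that audits and applies the "immediate actions" above on a Windows 7 SP1 host. It assumes an elevated PowerShell session; the KB numbers are the March 2017 MS17-010 packages for Windows 7 SP1 / Server 2008 R2 (check the bulletin for other builds); and the management subnet 10.0.0.0/24 is a placeholder to replace. Windows 7 does not ship the Set-SmbServerConfiguration cmdlet, so the registry values from Microsoft's SMBv1 and signing guidance are set directly; on Windows 8.1 / Server 2012 R2 and later, Set-SmbServerConfiguration -EnableSMB1Protocol $false -RequireSecuritySignature $true does the same job.

```powershell
# Added example (not the original report's code): audit and harden SMB on
# a Windows 7 SP1 host. Run elevated. Without -Apply it only reports.
param(
    [switch]$Apply
)

$Params     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Ms17010Kbs = @('KB4012212', 'KB4012215')   # Win7 SP1: security-only / monthly rollup (assumption: verify for your build)
$MgmtSubnet = '10.0.0.0/24'                  # placeholder (assumption): hosts that genuinely need SMB access

function Get-SmbPosture {
    $p = Get-ItemProperty -Path $Params -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # An absent SMB1 value means SMBv1 is enabled (the Windows 7 default).
        Smb1Enabled      = ($null -eq $p.SMB1) -or ($p.SMB1 -ne 0)
        SigningRequired  = ($p.RequireSecuritySignature -eq 1)
        Ms17010Installed = [bool](Get-HotFix -ErrorAction SilentlyContinue |
                              Where-Object { $Ms17010Kbs -contains $_.HotFixID })
    }
}

function Set-SmbHardening {
    # 1. Disable the SMBv1 server (takes effect after reboot).
    Set-ItemProperty -Path $Params -Name SMB1 -Type DWord -Value 0 -Force

    # 2. Require SMB signing on the server side. This does not stop MS17-010
    #    itself but removes NTLM relay to this host as a follow-on technique.
    Set-ItemProperty -Path $Params -Name RequireSecuritySignature -Type DWord -Value 1 -Force

    # 3. Limit who can reach SMB. Windows Firewall evaluates explicit block
    #    rules before allow rules, so instead of adding a blanket block we
    #    turn off the built-in File and Printer Sharing allow rules, make the
    #    inbound default "block", and add one allow scoped to the management subnet.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | Out-Null
    netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=No | Out-Null
    netsh advfirewall firewall add rule name="SMB 445 in (management only)" `
        dir=in action=allow protocol=TCP localport=445 remoteip=$MgmtSubnet | Out-Null
}

$before = Get-SmbPosture
Write-Host "SMB posture before:"
$before | Format-List

if (-not $before.Ms17010Installed) {
    Write-Warning ("MS17-010 not detected: install {0}, or migrate off Windows 7 (out of support since Jan 2020)." -f ($Ms17010Kbs -join ' or '))
}

if ($Apply) {
    Set-SmbHardening
    Write-Host "Hardening applied. Reboot for the SMBv1 change to take effect."
    Write-Host "SMB posture after:"
    Get-SmbPosture | Format-List
}
```

Running the script without -Apply on the lab target should report Smb1Enabled = True, SigningRequired = False and Ms17010Installed = False, which is exactly the configuration the exploit needs. Note that the firewall change leaves port 139 covered by the default inbound block as well, and that disabling SMBv1 will break any remaining clients that only speak SMB1 (old printers, NAS appliances), so inventory those before applying this outside a lab.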
References:
Microsoft Security Bulletin MS17-010, "Security Update for Microsoft Windows SMB Server" (14 March 2017): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
CVE-2017-0144, NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2017-0144
This lab reinforced the importance of patching, least-privilege networking, and robust detection for SMB-related threats. The exercise was authorized and completed in a dedicated learning environment.