For almost ten years I have self-hosted a blog but I’ve reached a bitter sweet moment. My site is generating too much traffic for me to continue to operate it […]
Every single time I see someone post about how NFTs are a horrible because someone can just screenshot it, I die a little inside. I can’t blame everyone for not […]
The OWASP Top 10 list is a list of the most critical web application security risks. It is compiled and maintained by the Open Web Application Security Project (OWASP). The […]
Table of contents What is OpenAI? Pandora’s Box is Open Writing blog posts Red Teaming Proving AI is generating tool output Stack Overflow questions and answers How to identify OpenAI […]
The Linux command strings is an incredibly useful tool for finding hidden things in binaries. In this article, we’ll discuss how to use it to uncover hardcoded passwords, API endpoints, […]
The world of computer security was forever changed on March 14th, 2017, when a malicious piece of software known as the Eternal Blue exploit was released into the wild. This […]
The Heartbleed vulnerability is a security flaw in the popular OpenSSL cryptographic software library. It was discovered in April 2014 and affects a significant portion of the Internet’s secure web […]
DevOps is an increasingly popular software development methodology that combines the development and operations teams to create a more efficient and agile system. It has become a key part of […]
What are IDORs? Insecure Direct Object References (IDOR) is a type of vulnerability in web applications that allows attackers to access data that they should not be able to access. […]
I’m not one to give away bug bounty target companies, so once again due to the agreements we enter into with these companies, this company will hence forth be referred […]
Vulnhub is such a great resource for vulnerable virtual machines. Sometimes it can be hit or miss with the realism. At times it’s even laughable that the creator thought you’d […]
I’m back with another great vulnerable boot to root. This time it’s once again one from my favorite site, HackTheBox. If you’re here I’m assuming you already know what HackTheBox […]
Not a ton to talk about for this box. It’s an interesting CTF style machine but I’m not sure I’d rank it in the OSCP prep category. Just something fun […]
Just popped another Windows box. This time, it’s Arctic. This machine, I imagine, is easy when using metasploit. However, I’m not here to point and click exploit. I’m trying to […]
Okay ramping up the difficulty a little. Not another really tough box but this one was done with no metasploit so there was some added complexity. Mapping the Attack Surface […]
This is going to be a fast walkthrough. Nothing fancy here, I’m just going to switch over from vulnhub boxes to hackthebox boxes and I wanted to start with an […]
Another box closer to finally earning my OSCP …. I can feel it It seems so difficult to find boxes that aren’t easy but that also aren’t too difficult. If […]
Are you looking for a box that’s both a light challenge and well put together? Then look no further than this walkthrough and Mr-Robot 1 over on vulnhub. This box […]
Another day, another root. I learn something new on every boot to root I do usually. However, I’m happy to say I finally came across something I’ve wanted to learn […]
Well it’s been another year and it’s once again Hacker Summer Camp time! With Defcon 29 just around the corner, I thought it would be a great time to blow […]
Link to VM ~> https://www.vulnhub.com/entry/photographer-1,519/ Summary: This box was _FANTASTIC_ as it exercises a number of disciplines. The author of the box @v1n1v131r4 (his website http://v1n1v131r4.com/) did a great job […]
So it’s been a looooong while since I’ve been able to sit down and work on some boot to root boxes. Between moving and adjusting to running a rental business […]
So it turns out that my raspberry pi webserver wasn’t as invulnerable to software upgrades as it was to hackers…
Unfortunately, <REDACTED> refused to give me permission to disclose this simple vulnerability I found on one of their web servers. So after 11 months after I found it, with zero […]
THIS POST IS NO LONGER UP TO DATE – MINER IN THE MIDDLE WAS REWRITTEN IN PYTHON ON AUGUST 20TH 2020 PLEASE SEE THE GITHUB LINK TO GET THE UPDATED […]
So about six months ago I started researching how to disappear from the internets. I opted out of all the things. I threw mud in the water on social media […]
I managed to get an interview on Hak5 during Defcon 25 this year! Here’s the episode:-D
I’m in the process of hunting for a new VPN because my current one (Nord VPN) disconnects constantly when I use it with my Tomato Router. I recently came across […]
Here is another fun VM, this one was created by g0tmilk and I’m happy to say, was a lot of fun. Step 1: Reconnaissance I started with a simple nmap […]
I can’t believe another year has come and gone! This was my fifth year at StirTrek and it was a doozy. This year we had a new venue, a new […]
I came across this VM in a chat about prepping for your OSCP and I wanted to give it a go. It was supposed to be a 4 hour machine. […]
Look there’s no easy way to say this, so I’m not going to sugar coat it for you. You’re a product. I know people say that all the time but […]
Hey I know it’s been awhile since I posted. I’ve been spending my free time training up for a new company. I recently came across this great site called Open […]
I’m a firm believer in understanding by doing. I wrote this nifty little SMTP enumeration tool and I wanted to share it. -> smtpenum /path/to/user_wordlist <target ip> <target port> That’s […]
So as some of my readers will know, I recently failed my first attempt at the OSCP certification. What many of you probably don’t know however is that I’m a […]
Well it’s been a solid 60 days of everything PWK. I’ve buffer overflowed, injected and weeped at my desk at 3am. #Complete I’m happy to say that this was a […]
Well I know it’s been a few weeks since my last post and I just wanted to provide an update. Since my last post, I have begun my Offensive Security […]
Well it turns out that building that shell payload was the easiest part of the whole processes. Mainly because I have messed around with shells and netcat a little […]
Well this simple task of reproducing a Metasploit exploit is turning out to be a HUGE learning experience. To quickly recap. We want to brute force an Apache Tomcat […]
So after my last post about getting into Tomcat with Metasploit I decided that Metasploit was fun to mess with but if I actually want to learn then I […]
Wow, what a week! I spent no less than 30 solid hours this week (in my free time) going through these books a little more and boy is there […]
Well I have finally pulled the trigger. I’ve decided that I am ready to start moving toward the security side of things. I think this is a natural step for […]
I know I have been pretty silent over the last month but it was for good reason, I promise. I have been hard at work on a new project that […]
On my never ending journey to becoming a software craftsman, I am once again faced with a fundamental question. To butcher knife or to scalpel?