ltr101 LTR101: Writing or Receiving Your First Pentest Report A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.
phishing Mail Technologies(DKIM & DMARC) - Part 2 Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides. This post dives into DKIM and DMARC.
ltr101 Mail Security - SPF - WTF Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides.
carhacking Focus RS 2016 - Some Light Aesthetic Car Hacking Car hacking with Ford ForScan, adding SYNC3 changes and 5th Driving mode to 2016 Focus RS.
redteam So You Want to Learn [Red] Teaming? Red Teaming is something that takes a bit of experience to actually nail, it's not something you expect to walk into after doing a four year uni course or something to pick up with little to no actual security experience.
ltr101 DNS - Setting the Record Straight The domain name systems, more commonly referred to as DNS is essentially a phone book of the Internet. Ler's take a deep dive into DNS.
redteam Bloodhound 2.2 - A Tool for Many Tradecrafts Bloodhound is a tool for enumeration of an active directory environment. It maps out relationships between active directory objects and is useful for Pentesting and Red Teaming.
ltr101 Surviving in the Ring: Expanding Your Horizons Before We Dive in, thank you to each and every single person who has read, downloaded, purchased, shared and even copied my book! Following the success of my first book,
NotHacking Mental Health and Security Mental health and mental wellbeing is very important and is often overlooked in the security industry. This post discusses the four most common issues and proposes some solutions.
bugbounty Leveraging Expression Language Injection (EL Injection) for RCE Expression Language injection or EL Injection for short is an attack vector I'd never heard of until recently. This post talks about leveraging EL for RCE.
ltr101 NMAP Tips: RTFM? NMAP TL;DR It's a tool used for portscanning and this post will explore some of the common and useful flags that can be used while scanning to pick up
review 2019 Coming Up and ZSEC Blog 2018 in Review 2018 saw a lot of ups and downs for me both personally and professionally but I have learned a lot and put out a lot of blog posts(12 in fact!).
My Journey Into Infosec Something I've been asked a lot recently and in the past is how I got into this industry and what my tips are for new prospects? Well here is my
ltr101 Hawl! Gonny Gee Me a Puddy Up?! How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey
NotHacking Taking a Step Back Not an overly verbose or detailed post, more a note or place marker to say I'll be taking a step back from writing and blogging for a few months. I
ZTH ZTH-CH3: Troubleshooting? A skillset that many people look at when you work in IT or have some form of interest in technology is the ability to 'fix' things.
ZTH ZTH-CH2: - Security For Everyone I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.
pentesting LTR101 - Facing Your Fears Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my
learning ZTH-CH1: From Zero to Technical Hero This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.
homenetwork [Ongoing Project] Building the Dream Home Network This is not uber leet hax0rs stuff, but it does serve as a somewhat tutorial on how I set up my new home network in my flat.
docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
NotHacking It's Not All Hacking - Life [Escaping] Working from home brings a lot of great things to the table, it allows you to make your home your workplace, gives you freedom.
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it
![So You Want to Learn [Red] Teaming?](https://images.unsplash.com/photo-1528413538163-0e0d91129480?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ)
![[Ongoing Project] Building the Dream Home Network](https://images.unsplash.com/photo-1477519242566-6ae87c31d212?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=fc23e529a53f6fa80f0e40976e6af76f)
![It's Not All Hacking - Life [Escaping]](/content/images/size/w600/2018/02/nIovf32.jpg)
