review 2019 Coming Up and ZSEC Blog 2018 in Review 2018 saw a lot of ups and downs for me both personally and professionally but I have learned a lot and put out a lot of blog posts(12 in fact!).
My Journey Into Infosec Something I've been asked a lot recently and in the past is how I got into this industry and what my tips are for new prospects? Well here is my story: Buckle Up
ltr101 Hawl! Gonny Gee Me a Puddy Up?! How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey
NotHacking Taking a Step Back Not an overly verbose or detailed post, more a note or place marker to say I'll be taking a step back from writing and blogging for a few months. I need to take
ZTH ZTH-CH3: Troubleshooting? A skillset that many people look at when you work in IT or have some form of interest in technology is the ability to 'fix' things.
ZTH ZTH-CH2: - Security For Everyone I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.
pentesting LTR101 - Facing Your Fears Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my life so far!
learning ZTH-CH1: From Zero to Technical Hero This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.
homenetwork [Ongoing Project] Building the Dream Home Network This is not uber leet hax0rs stuff, but it does serve as a somewhat tutorial on how I set up my new home network in my flat.
docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
NotHacking It's Not All Hacking - Life [Escaping] Working from home brings a lot of great things to the table, it allows you to make your home your workplace, gives you freedom.
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it is. This is
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it has been for
weekend LTR101: My First CloudFront Domain Takeover/Hijack Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company creates a DNS entry that points to a third party service(CNAME Record), however, forget about the third party application leaving
ltr101 LTR101: Programming Fundamentals In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals. Throughout my blog,
Impostor Syndrome: A Few Years In the Job What is Imposter Syndrome? It is an Irrational Fear. I Have No Idea What I'm Doing... An actual definition of it:- Impostor syndrome (also known as impostor phenomenon or fraud syndrome or
defcon Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest] Taking a quick step away from tutorials and write-ups, here is what was originally a blog about DEF CON 25 and all the things in-between. However, as I'm just back from BSidesManchester, and
bugbounty May the Shells be with You - A Star Wars RCE Adventure! Intro Continuing the non-ltr101 posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via an abandoned web
learning Hunting in the Dark - Blind XXE Before getting into the post, this isn't anything brand new or leet in the area of XML External Entity (XXE) attacks, it is purely something I came across and wanted to share. The
[Rant] Cancelling with Virgin Media I'm not one to rant very often however today is that day. <rant> Virgin Media. Literally one of the worst communications companies when it comes to communication. I have been in
tool [Tools Release] GoogD0rker & AttackDeploy This post serves as a quick description of two scripts I have written and published on my Github. It's not often that I take or even have the time to write things other
