docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
NotHacking It's Not All Hacking - Life [Escaping] Working from home brings a lot of great things to the table, it allows you to make your home your workplace, gives you freedom.
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it
weekend LTR101: My First CloudFront Domain Takeover/Hijack Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company creates a DNS entry that points to a third party service(CNAME Record), however, forget about the third
ltr101 LTR101: Programming Fundamentals In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals.
Impostor Syndrome: A Few Years In the Job What is Imposter Syndrome? It is an Irrational Fear. I Have No Idea What I'm Doing... An actual definition of it:- Impostor syndrome (also known as impostor phenomenon or
defcon Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest] Taking a quick step away from tutorials and write-ups, here is what was originally a blog about DEF CON 25 and all the things in-between. However, as I'm just back
bugbounty May the Shells be with You - A Star Wars RCE Adventure! Intro Continuing the non-ltr101 posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via
learning Blind XXE - Hunting in the Dark Before getting into the post, this isn't anything brand new or leet in the area of XML External Entity (Blind XXE) attacks, it is purely something I came across and
[Rant] Cancelling with Virgin Media I'm not one to rant very often however today is that day. <rant> Virgin Media. Literally one of the worst communications companies when it comes to communication. I
tool [Tools Release] GoogD0rker & AttackDeploy This post serves as a quick description of two scripts I have written and published on my Github. It's not often that I take or even have the time to
project [Weekend Project] Monitoring Home Broadband Like many who live in the UK I get my home broadband from Virgin Media, again like many VM tend to under deliver as promised in terms of speed. Now,
ltr101 LtR101: Selling Yourself & Hacking Your Career Path Having the technical skills are great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being
bugbounty Bug Bounty Forum AMA (x-post from BBF) Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How
ltr101 LtR101: Book Published After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts
OSCP OSCP & OSWP - Two Achievements Unlocked As with most people who sit Offensive Security's courses; Penetration Testing with Kali(PWK) & Wifu and achieve Offensive Security Certified Professional/Wireless (OSCP/OSWP) , I too have joined the
ltr101 Ltr101: Markdown For a lot of bug bounty platforms, code repos and chat clients, Markdown is used as the notation to outline whatever you're writing up. However having read many reports on
ltr101 LtR101: Windows Terminal Environments Windows is one of the most commonly used operating systems in the world, in comparison to Linux it is lesser used in security however still an OS of choice for
Getting Started Learning the Ropes 101 - Virtualisation This post talks of what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM). What is
ltr101 Learning the Ropes 101: Burp Suite Intro Burp Suite Features & Usage In this post I will discuss the different features of burp suite, how to use them and how they are useful. I will also discuss
![It's Not All Hacking - Life [Escaping]](/content/images/size/w600/2018/02/nIovf32.jpg)
![Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest]](/content/images/size/w600/2017/10/goon.jpg)
![[Rant] Cancelling with Virgin Media](/content/images/size/w600/2017/06/news_full-broadband.png)
![[Tools Release] GoogD0rker & AttackDeploy](https://images.unsplash.com/photo-1534137667199-675a46e143f3?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=980bded661089e1f9e1ba92ee18dbe7a)
![[Weekend Project] Monitoring Home Broadband](https://images.unsplash.com/photo-1488229297570-58520851e868?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=eddd6977af2bb5e4d9e261b47dd08ac2)
