ZeroSec - Adventures In Information Security (Page 3)

Web Application Testing(Learning the Ropes 101)- Introduction

To give some background, for those of you who do not already know I work as a pentester and my specialism is web application pentesting/penetration testing(also referred to

bugbounty

gif it time it'll come to you - Finding More Holes in The Hub

Following suit of stored cross site scripting vulnerabilities this post will talk about another issue I found in Pornhub. Unfortunately someone found before me and as a result this bug

bugbounty

Persisting on Pornhub

This guy again? More Pornhub bounty things? Well yeah, sort of. Recently I found a stored cross-site scripting vulnerability in Pornhub core(i.e pornhub.com). Allowing any user to

Getting Started

Learning the Ropes 101 - People Skills

For most of you reading this series you might have seen the first few technical articles then one about reporting, now you're seeing this about people skills. It's got you

bugbounty

Learning the Ropes 101: Stay Beautiful, Stay Verbose

Having recently just arrived back from DEFCON 24 Las Vegas, I've not had a chance to write up much in regards to blogging and for that I am sorry! Anyway

bugbounty

CSV Injection -> Meterpreter on Pornhub

This post will discuss an issue I found regarding CSV injection on Pornhub.com, allowing a remote attacker to inject malicious code into video titles resulting in potential full compromise

bugbounty

CSV Injection Revisited - Making Things More Dangerous(and fun)

In this post, I will discuss several methods and remediation steps that can be used to help escape and mitigate CSV (Comma separated values) injection type attacks. For those of

Quick and Easy Server + Ghost Setup (Part 2 - Ghost Setup)

Installing Ghost Assuming you've already read part 1. Now that we have a somewhat setup server with required settings and the like, it's time to install ghost blog, for this

Quick and Easy Basic Server + Ghost Setup (Part 1 - Server Setup)

So, for some of you who follow my blog, you may have noticed it was down this weekend. This is due to me smartly attempting to update to installation of

Getting Started

Learning the Ropes 101: Operating Systems - Linux

When learning about information security, software development, computer science or "insert other relevant topic here" it is likely that you will come up against a variety of different operating systems. Most new folks to this area will be primarily windows users and

bugbounty

Popping the Pornhub Cherry

Currently at time of writing I'm ranked #1 finder of Bugs on https://hackerone.com/pornhub which is a nice position to hold. This post is to explain the techniques

Getting Started

Learning the Ropes 101: Basic Networking

In regards to the technological skill set required in this sector, dialling it down to complete basics is where to start. It is very important to understand and get your head around basic networking before you start to look at anything else as networking

ltr101

Learning the Ropes 101: Introduction

I recently had a friend of mine come to me asking how to get into hacking and this side of technology. His background was very varied so it was difficult to outline the core fundamentals that a person would need to get into this

Install Kali Nethunter & FruityWiFi on Nexus 5

Originally Written by Ben May || Github Here are the steps taken to install Kali nethunter and FruityWiFi on the Nexus 5. Reboot into fastboot: adb reboot bootloader Unlock bootloader with: fastboot oem unlock Download the 6.0.1 image - hammerhead-mmb29v-factory-62a68ee9.tgz and flash

How to Statically Compile NMAP

Here is a short explanation on how to compile nmap statically. Version of nmap used: https://nmap.org/dist/nmap-7.11.tar.bz2 Method First set up the environment (''-fPIC'' is needed, for static compilation): export CFLAGS="-march=core2 -O2 -fomit-frame-pointer -pipe -fPIC&

Setup Oracle in Kali Rolling & Kali 2.0

How to Setup Oracle in Kali 2.0 I recently have started preparation for an exam which requires the use of Kali for testing and noticed that out of the box Kali 2.0 Sana or rolling do not support oracle. So I set

Approaching Bug Bounties with an Ethical Mindset

The term ‘Bug Bounty’ may be an unknown term to you, but for some it may spawn images of Star Wars bounty hunters; rest assured it has nothing to do with wet work or killing. The phrase was coined for the modern age, which

Getting Started in InfoSec

I’ve been meaning to create a write-up on how to get into the industry and certain resources to check out for different skill sets. So here it is, there are lots of different routes into Pentesting however there are two main things to

Subscribe to ZeroSec - Adventures In Information Security