Getting Started - ZephrSec - Adventures In Information Security

Sign in Subscribe

Getting Started

A collection of 22 posts

WebSockets are a Pain - A Journey in Learning and Leveraging

pentesting Featured

WebSockets are a Pain - A Journey in Learning and Leveraging

Before I dive in and show examples of implementations that worked, it is worth doing a quick explainer on what WebSockets are, how they work, what a typical request handshake looks like, and how to troubleshoot when things don't go the way you want them to.

Reviving and Refactoring DNS Enum

Reviving and Refactoring DNS Enum

I have been using Lepus for a number of years as it is one of the better subdomain enumeration tools. I integrated some of the lessons learned from DNS Queue [https://github.com/zephrfish/dns-parallel-prober] and added additional functionality to a project that had not been updated in over 2

Developing An Effective Security Program

informationsecurity

Developing An Effective Security Program

This post comes off the back of a series of tweets I made one morning, I decided that after a long thread it was probably better to combine into one post. So here it is folks. If you want to deploy a proper security program there are some key basics

LTR101: Writing or Receiving Your First Pentest Report

ltr101 Featured

LTR101: Writing or Receiving Your First Pentest Report

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

Mail Security - SPF - WTF

ltr101 Featured

Mail Security - SPF - WTF

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides.

DNS - Setting the Record Straight

ltr101 Featured

DNS - Setting the Record Straight

The domain name systems, more commonly referred to as DNS is essentially a phone book of the Internet. Ler's take a deep dive into DNS.

Surviving in the Ring: Expanding Your Horizons

ltr101 Featured

Surviving in the Ring: Expanding Your Horizons

Before We Dive in, thank you to each and every single person who has read, downloaded, purchased, shared and even copied my book! Following the success of my first book, it has been well received far and wide expanding the knowledge of individuals and allowing them to understand the basics

NMAP Tips: RTFM?

ltr101 Featured

NMAP Tips: RTFM?

NMAP TL;DR It's a tool used for portscanning and this post will explore some of the common and useful flags that can be used while scanning to pick up usful information about targets. What Is NMAP? Nmap or Network mapper is an open source tool for network discovery and

Hawl! Gonny Gee Me a Puddy Up?!

Hawl! Gonny Gee Me a Puddy Up?!

How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey

ZTH-CH2: - Security For Everyone

ZTH-CH2: - Security For Everyone

I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.

ZTH-CH1: From Zero to Technical Hero

learning Featured

ZTH-CH1: From Zero to Technical Hero

This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.

LTR101: Programming Fundamentals

LTR101: Programming Fundamentals

In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals. Throughout my blog, I am hoping to give you the basics to prepare you to start your journey in learning

LtR101: Selling Yourself & Hacking Your Career Path

LtR101: Selling Yourself & Hacking Your Career Path

Having the technical skills are great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All valid points and questions, all worth looking into and all will get you somewhere. Things to Consider

Bug Bounty Forum AMA (x-post from BBF)

Bug Bounty Forum AMA (x-post from BBF)

Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How did you get started? What platforms or popular public programs have you hacked on? Hi folks, I’m Andy also

LtR101: Book Published

LtR101: Book Published

After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts now as the book is out there! Got a few posts lined up made up of weekend projects I've been doing

Learning the Ropes 101 - Virtualisation

Getting Started

Learning the Ropes 101 - Virtualisation

This post talks of what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM). What is Virtualisation Virtualisation put briefly is the process of creating a container of resources to run an operating system within the

LtR101: Web Application Testing Methodologies

Getting Started

LtR101: Web Application Testing Methodologies

I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get into the industry and where to start. I started this series for those people, learning and wanting to

Web Application Testing - Tooling

Getting Started

Web Application Testing - Tooling

Having given an introduction into web app testing [https://blog.zsec.uk/101-web-testing-1/] it is now time to move onto the tooling. Noting that this is for testing and not specifically bug bounty hunting. The tooling and techniques are slightly different. The art of web testing is made up of

Web Application Testing(Learning the Ropes 101)- Introduction

Getting Started

Web Application Testing(Learning the Ropes 101)- Introduction

To give some background, for those of you who do not already know I work as a pentester and my specialism is web application pentesting/penetration testing(also referred to some as appsec). I started this series to help individuals wanting to get into security & learn about the fundamentals required

Learning the Ropes 101 - People Skills

Getting Started

Learning the Ropes 101 - People Skills

For most of you reading this series you might have seen the first few technical articles then one about reporting, now you're seeing this about people skills. It's got you thinking now hasn't it? Why do I need to talk to people irl [https://en.wikipedia.org/wiki/Real_Life]

Getting Started

Learning the Ropes 101: Operating Systems - Linux

When learning about information security, software development, computer science or "insert other relevant topic here" it is likely that you will come up against a variety of different operating systems. Most new folks to this area will be primarily windows users and as a result will have had little or

Getting Started

Learning the Ropes 101: Basic Networking

In regards to the technological skill set required in this sector, dialling it down to complete basics is where to start. It is very important to understand and get your head around basic networking before you start to look at anything else as networking is how the internet works. How

window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-90NCC2R7PE');