automation Orchestrating deployment of @myexploit2600's hacklab with Ansible and Vagrant [REDUX] Deploy your hacklab using Ansible and Vagrant for fast, repeatable results. Building on the work by @myexploit2600, we're going to use Ansible and Vagrant to automate the manual steps of constructing a domain and vulnerable users.
carhacking Featured Focus RS 2016 - Some Light Aesthetic Car Hacking Car hacking with Ford ForScan, adding SYNC3 changes and 5th Driving mode to 2016 Focus RS.
redteam Featured Bloodhound 2.2 - A Tool for Many Tradecrafts Bloodhound is a tool for enumeration of an Active Directory environment. It maps out relationships between Active Directory objects and is useful for Pentesting and Red Teaming.
bugbounty Featured Leveraging Expression Language Injection (EL/OGNL Injection) for RCE Expression Language injection or EL Injection for short is an attack vector I'd never heard of until recently. This post talks about leveraging EL for RCE.
ltr101 Featured NMAP Tips: RTFM? NMAP TL;DR It's a tool used for port scanning and this post will explore some of the common and useful flags that can be used while scanning to pick up useful information about targets. What Is NMAP? Nmap or Network Mapper is an open source tool for network
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; an open redirect in Oracle E-Business Suite, patched in the April 2017 CPU (CVE-2017-3528).
CSRF Delivering Many a Payload via CSRF CSRF is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked down" it is. This is how to access a browser on the Echo Show, and can be used to view Netflix on
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE TL;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available (it has been for a while now). And, many big and small companies are using it but it isn't
bugbounty May the Shells be with You - A Star Wars RCE Adventure! Intro Continuing the non-ltr101 [https://blog.zsec.uk/tag/ltr101/] posts for a second, here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via an abandoned web service, enabling me to traverse the target internal network and gain
Getting Started LtR101: Web Application Testing Methodologies I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get into the industry and where to start. I started this series for those people, learning and wanting