carhacking Focus RS 2016 - Some Light Aesthetic Car Hacking Car hacking with Ford ForScan, adding SYNC3 changes and 5th Driving mode to 2016 Focus RS.
redteam Bloodhound 2.2 - A Tool for Many Tradecrafts Bloodhound is a tool for enumeration of an active directory environment. It maps out relationships between active directory objects and is useful for Pentesting and Red Teaming.
bugbounty Leveraging Expression Language Injection (EL Injection) for RCE Expression Language injection or EL Injection for short is an attack vector I'd never heard of until recently. This post talks about leveraging EL for RCE.
ltr101 NMAP Tips: RTFM? NMAP TL;DR It's a tool used for portscanning and this post will explore some of the common and useful flags that can be used while scanning to pick up
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it
bugbounty May the Shells be with You - A Star Wars RCE Adventure! Intro Continuing the non-ltr101 posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via
Getting Started LtR101: Web Application Testing Methodologies I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to
