learning - ZeroSec - Adventures In Information Security

learning

A collection of 37 posts

Developing An Effective Security Program

informationsecurity

Developing An Effective Security Program

This post comes off the back of a series of tweets I made one morning, I decided that after a long thread it was probably better to combine into one post. So here it is folks. If you want to deploy a proper security program there are some key basics

The Day I Trolled The Entire Internet: An Accidental Research Project on CVE-2020-1350

The Day I Trolled The Entire Internet: An Accidental Research Project on CVE-2020-1350

What do you get if you create a binary, a few bash scripts, a README and excellent timing? CVE-2020-1350

Build, Attack, Defend, Fix – Paving the way to DA

Build, Attack, Defend, Fix – Paving the way to DA

While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?

LTR101: Writing or Receiving Your First Pentest Report

ltr101 Featured

LTR101: Writing or Receiving Your First Pentest Report

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

Surviving in the Ring: Expanding Your Horizons

ltr101 Featured

Surviving in the Ring: Expanding Your Horizons

Before We Dive in, thank you to each and every single person who has read, downloaded, purchased, shared and even copied my book! Following the success of my first book, it has been well received far and wide expanding the knowledge of individuals and allowing them to understand the basics

Mental Health and Security

NotHacking Featured

Mental Health and Security

Mental health and mental wellbeing is very important and is often overlooked in the security industry. This post discusses the four most common issues and proposes some solutions.

Hawl! Gonny Gee Me a Puddy Up?!

Hawl! Gonny Gee Me a Puddy Up?!

How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey

ZTH-CH2: - Security For Everyone

ZTH-CH2: - Security For Everyone

I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.

LTR101 - Facing Your Fears

LTR101 - Facing Your Fears

Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my life so far! For the duration of the year 2018, I set myself a few goals to overcome some of

ZTH-CH1: From Zero to Technical Hero

learning Featured

ZTH-CH1: From Zero to Technical Hero

This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.

[Ongoing Project] Building the Dream Home Network

[Ongoing Project] Building the Dream Home Network

This is not uber leet hax0rs stuff, but it does serve as a somewhat tutorial on how I set up my new home network in my flat.

LTR101 - Disposable Attack Containers (DAC)

LTR101 - Disposable Attack Containers (DAC)

My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.

Open Redirect in Oracle EBS (CVE-2017-3528)

Open Redirect in Oracle EBS (CVE-2017-3528)

Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).

Delivering Many a Payload via CSRF

Delivering Many a Payload via CSRF

CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!

Breaking out of Amazon Echo Show

Breaking out of Amazon Echo Show

Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it is. This is how to access a browser on the echo show, and can be used to view netflix on the echo

XXE - Things Are Getting Out of Band

XXE - Things Are Getting Out of Band

XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.

Leading the Blind to Light! - A Chain to RCE

Leading the Blind to Light! - A Chain to RCE

Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!

How to Pwn things over IPv6

How to Pwn things over IPv6

IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it has been for a while now). And, many big and small companies are using it but it isn't what a

LTR101: My First CloudFront Domain Takeover/Hijack

LTR101: My First CloudFront Domain Takeover/Hijack

Update 2021/2022: This technique no longer works for Subdomain Hijacking as Amazon have patched it. The only way to hijack the subdomain is if you have control over DNS for the domain and that requires deeper compromise. Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company

LTR101: Programming Fundamentals

LTR101: Programming Fundamentals

In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals. Throughout my blog, I am hoping to give you the basics to prepare you to start your journey in learning

Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest]

Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest]

Taking a quick step away from tutorials and write-ups, here is what was originally a blog about DEF CON 25 and all the things in-between. However, as I'm just back from BSidesManchester, and having also been to a few other conferences this year I decided to amalgamate all of the

May the Shells be with You - A Star Wars RCE Adventure!

May the Shells be with You - A Star Wars RCE Adventure!

Intro Continuing the non-ltr101 [https://blog.zsec.uk/tag/ltr101/] posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via an abandoned web service. Enabling me to traverse the target internal network and gain

Blind XXE - Hunting in the Dark

Blind XXE - Hunting in the Dark

Before getting into the post, this isn't anything brand new or leet in the area of XML External Entity (Blind XXE) attacks, it is purely something I came across and wanted to share. The tl;dr to start off is essentially: * Found an XXE bug that was blind meaning that

[Tools Release] GoogD0rker & AttackDeploy

[Tools Release] GoogD0rker & AttackDeploy

This post serves as a quick description of two scripts I have written and published on my Github [https://github.com/ZephrFish]. It's not often that I take or even have the time to write things other than blog posts and reports it seems. However last week I saw two

LtR101: Selling Yourself & Hacking Your Career Path

LtR101: Selling Yourself & Hacking Your Career Path

Having the technical skills are great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All valid points and questions, all worth looking into and all will get you somewhere. Things to Consider