windows Build, Attack, Defend, Fix – Paving the way to DA - Part 1/5 While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?
ltr101 LTR101: Writing or Receiving Your First Pentest Report A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.
ltr101 Surviving in the Ring: Expanding Your Horizons Before We Dive in, thank you to each and every single person who has read, downloaded, purchased, shared and even copied my book! Following the success of my first book,
NotHacking Mental Health and Security Mental health and mental wellbeing is very important and is often overlooked in the security industry. This post discusses the four most common issues and proposes some solutions.
ltr101 Hawl! Gonny Gee Me a Puddy Up?! How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey
ZTH ZTH-CH2: - Security For Everyone I will explain the importance of using strong passwords, what multi-factor/two-factor authentication is and why it is important and also explain some more security tips.
pentesting LTR101 - Facing Your Fears Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my
learning ZTH-CH1: From Zero to Technical Hero This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses.
homenetwork [Ongoing Project] Building the Dream Home Network This is not uber leet hax0rs stuff, but it does serve as a somewhat tutorial on how I set up my new home network in my flat.
docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning Breaking out of Amazon Echo Show Just a quickie, bought an Amazon Echo Show at the weekend because I wanted a new thing to play with and quickly found out how "locked" down it
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it
weekend LTR101: My First CloudFront Domain Takeover/Hijack Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company creates a DNS entry that points to a third party service(CNAME Record), however, forget about the third
ltr101 LTR101: Programming Fundamentals In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals.
defcon Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest] Taking a quick step away from tutorials and write-ups, here is what was originally a blog about DEF CON 25 and all the things in-between. However, as I'm just back
bugbounty May the Shells be with You - A Star Wars RCE Adventure! Intro Continuing the non-ltr101 posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote Code Execution via
learning Blind XXE - Hunting in the Dark Before getting into the post, this isn't anything brand new or leet in the area of XML External Entity (Blind XXE) attacks, it is purely something I came across and
tool [Tools Release] GoogD0rker & AttackDeploy This post serves as a quick description of two scripts I have written and published on my Github. It's not often that I take or even have the time to
ltr101 LtR101: Selling Yourself & Hacking Your Career Path Having the technical skills are great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being
bugbounty Bug Bounty Forum AMA (x-post from BBF) Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How
ltr101 LtR101: Book Published After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts
![[Ongoing Project] Building the Dream Home Network](https://images.unsplash.com/photo-1477519242566-6ae87c31d212?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=fc23e529a53f6fa80f0e40976e6af76f)
![Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest]](/content/images/size/w600/2017/10/goon.jpg)
![[Tools Release] GoogD0rker & AttackDeploy](https://images.unsplash.com/photo-1534137667199-675a46e143f3?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=980bded661089e1f9e1ba92ee18dbe7a)
