docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
CSRF Delivering Many a Payload via CSRF CSRF is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available (it has been for
weekend LTR101: My First CloudFront Domain Takeover/Hijack Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company creates a DNS entry that points to a third-party service (CNAME record) but then forgets about the third-party application, leaving
ltr101 LTR101: Programming Fundamentals In security it can be very useful to understand programming; whilst you might not be able to code straight away, it is very useful to understand the core fundamentals. Throughout my blog,
ltr101 LtR101: Selling Yourself & Hacking Your Career Path Having the technical skills is great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All
bugbounty Bug Bounty Forum AMA (x-post from BBF) Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How did you get
ltr101 LtR101: Book Published After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts now as the
ltr101 Ltr101: Markdown For a lot of bug bounty platforms, code repos and chat clients, Markdown is used as the notation to outline whatever you're writing up. However having read many reports on various platforms, it
ltr101 LtR101: Windows Terminal Environments Windows is one of the most commonly used operating systems in the world. Compared to Linux it is less used in security; however, it is still an OS of choice for many. The possibilities
Getting Started Learning the Ropes 101 - Virtualisation This post talks of what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM). What is Virtualisation Virtualisation put
ltr101 Learning the Ropes 101: Burp Suite Intro Burp Suite Features & Usage In this post I will discuss the different features of burp suite, how to use them and how they are useful. I will also discuss how to set
learning Learning The Ropes 101: Note Taking & Session Tracking One of the most important tasks to do alongside hacking & reporting is note taking and tracking your work. Why, you might ask? Because you never know when a session is going to
ltr101 LTR101: WebAppTesting - Methods to the Madness Following my post on Web Application Testing Methodologies, I received a lot of feedback and requests to elaborate more on the methodology. As it is geared towards pentesters, some newbies might not understand
Getting Started LtR101: Web Application Testing Methodologies I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get
ltr101 LtR101: Web Application Testing - Further Reading Further Learning Resources Now that you have some understanding of what web application testing is, how to set up your learning/playground environment & how to use some tools, you're likely wanting something to
Getting Started Web Application Testing - Tooling Having given an introduction into web app testing it is now time to move onto the tooling. Noting that this is for testing and not specifically bug bounty hunting. The tooling and techniques
Getting Started Web Application Testing (Learning the Ropes 101) - Introduction To give some background, for those of you who do not already know, I work as a pentester and my specialism is web application pentesting/penetration testing (also referred to by some as appsec)
Getting Started Learning the Ropes 101 - People Skills For most of you reading this series you might have seen the first few technical articles then one about reporting, now you're seeing this about people skills. It's got you thinking now hasn't
bugbounty Learning the Ropes 101: Stay Beautiful, Stay Verbose Having recently just arrived back from DEFCON 24 Las Vegas, I've not had a chance to write up much in regards to blogging and for that I am sorry! Anyway this post will
Getting Started Learning the Ropes 101: Operating Systems - Linux When learning about information security, software development, computer science or "insert other relevant topic here" it is likely that you will come up against a variety of different operating systems. Most
Getting Started Learning the Ropes 101: Basic Networking In regards to the technological skill set required in this sector, dialling it down to complete basics is where to start. It is very important to understand and get your head around basic
ltr101 Learning the Ropes 101: Introduction I recently had a friend of mine come to me asking how to get into hacking and this side of technology. His background was very varied so it was difficult to outline the