Learning The Ropes 101 Posts

ltr101

Learning The Ropes 101 Posts

LTR102 - Teaser

ltr101 Featured

LTR102 - Teaser

I started writing LTR102 a while ago but have decided to release a teaser chapter of the new book for free for folks to check out and feedback on. This is the introduction and chapter 1.

Learning The [Defence] Ropes 101 - Splunk Setup & Config

Learning The [Defence] Ropes 101 - Splunk Setup & Config

As an attacker I come across Splunk a lot but I've never deployed it. This blog post will deep dive into deploying it and querying the back end!

LTR101: Writing or Receiving Your First Pentest Report

ltr101 Featured

LTR101: Writing or Receiving Your First Pentest Report

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

Mail Security - SPF - WTF

ltr101 Featured

Mail Security - SPF - WTF

Mail technologies(SPF, DKIM and DMARC) are important to understand from all sides.

So You Want to Learn [Red] Teaming?

redteam Featured

So You Want to Learn [Red] Teaming?

Red Teaming is something that takes a bit of experience to actually nail, it's not something you expect to walk into after doing a four year uni course or something to pick up with little to no actual security experience.

DNS - Setting the Record Straight

ltr101 Featured

DNS - Setting the Record Straight

The domain name systems, more commonly referred to as DNS is essentially a phone book of the Internet. Ler's take a deep dive into DNS.

Surviving in the Ring: Expanding Your Horizons

ltr101 Featured

Surviving in the Ring: Expanding Your Horizons

Before We Dive in, thank you to each and every single person who has read, downloaded, purchased, shared and even copied my book! Following the success of my first book, it has been well received far and wide expanding the knowledge of individuals and allowing them to understand the basics

NMAP Tips: RTFM?

ltr101 Featured

NMAP Tips: RTFM?

NMAP TL;DR It's a tool used for portscanning and this post will explore some of the common and useful flags that can be used while scanning to pick up usful information about targets. What Is NMAP? Nmap or Network mapper is an open source tool for network discovery and

Hawl! Gonny Gee Me a Puddy Up?!

Hawl! Gonny Gee Me a Puddy Up?!

How to actually get into the industry. An explaination on different topics to better aid you in getting in. Some hints and tricks from Andy Gill about his journey

LTR101 - Disposable Attack Containers (DAC)

LTR101 - Disposable Attack Containers (DAC)

My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.

Delivering Many a Payload via CSRF

Delivering Many a Payload via CSRF

CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!

How to Pwn things over IPv6

How to Pwn things over IPv6

IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it has been for a while now). And, many big and small companies are using it but it isn't what a

LTR101: My First CloudFront Domain Takeover/Hijack

LTR101: My First CloudFront Domain Takeover/Hijack

Update 2021/2022: This technique no longer works for Subdomain Hijacking as Amazon have patched it. The only way to hijack the subdomain is if you have control over DNS for the domain and that requires deeper compromise. Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company

LTR101: Programming Fundamentals

LTR101: Programming Fundamentals

In security it can be very useful to understand programming, whilst you might not be able to code straight away it is very very useful to understand the core fundamentals. Throughout my blog, I am hoping to give you the basics to prepare you to start your journey in learning

LtR101: Selling Yourself & Hacking Your Career Path

LtR101: Selling Yourself & Hacking Your Career Path

Having the technical skills are great, going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All valid points and questions, all worth looking into and all will get you somewhere. Things to Consider

Bug Bounty Forum AMA (x-post from BBF)

Bug Bounty Forum AMA (x-post from BBF)

Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How did you get started? What platforms or popular public programs have you hacked on? Hi folks, I’m Andy also

LtR101: Book Published

LtR101: Book Published

After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts now as the book is out there! Got a few posts lined up made up of weekend projects I've been doing

Ltr101: Markdown

Ltr101: Markdown

For a lot of bug bounty platforms, code repos and chat clients, Markdown is used as the notation to outline whatever you're writing up. However having read many reports on various platforms, it seems folks either are too lazy to use it or just don't know. Here's a quick 101

LtR101: Windows Terminal Environments

LtR101: Windows Terminal Environments

Windows is one of the most commonly used operating systems in the world, in comparison to Linux it is lesser used in security however still an OS of choice for many. The possibilities for usage are fairly large, the UI is usable and support of tools is varied however by

Learning the Ropes 101 - Virtualisation

Getting Started

Learning the Ropes 101 - Virtualisation

This post talks of what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM). What is Virtualisation Virtualisation put briefly is the process of creating a container of resources to run an operating system within the

Learning the Ropes 101: Burp Suite Intro

Learning the Ropes 101: Burp Suite Intro

Burp Suite Features & Usage In this post I will discuss the different features of burp suite, how to use them and how they are useful. I will also discuss how to set it up with different browsers and some advanced tips for the pro version. Also note that some of

Learning The Ropes 101: Note Taking & Session Tracking

Learning The Ropes 101: Note Taking & Session Tracking

One of the most important tasks to do alongside hacking & reporting is note taking and tracking your work. Why? you might ask, because you never know when a session is going to die or you might use a cool one-liner and want to go back to it. Keeping concise notes

LTR101: WebAppTesting - Methods to the Madness

LTR101: WebAppTesting - Methods to the Madness

Following my post on Web Application Testing Methodologies [https://blog.zsec.uk/ltr101-methodologies/], I received a lot of feedback and requests to elaborate more on the methodology. As it is geared towards pentesters, some newbies might not understand what things are or what tools can be used to achieve the

LtR101: Web Application Testing Methodologies

Getting Started

LtR101: Web Application Testing Methodologies

I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get into the industry and where to start. I started this series for those people, learning and wanting to

LtR101: Web Application Testing - Further Reading

LtR101: Web Application Testing - Further Reading

Further Learning Resources Now you have a somewhat understanding of what web application testing is, how to setup your learning/playground environment & how to use some tools, you're likely wanting something to hack and play with? Well fortunately there are many many many resources out there for learning the trade