ZeroSec - Adventures In Information Security

ltr101

Learning The Ropes 101 Posts

docker

LTR101 - Disposable Attack Containers (DAC)

My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.

Andy Gill
CSRF

Delivering Many a Payload via CSRF

CSRF is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!

Andy Gill
learning

How to Pwn things over IPv6

IPv6 is the demon that many testers dare not touch very often, as it is still not the norm or widely adopted. Don't get me wrong, it is available (it has been for

Andy Gill
weekend

LTR101: My First CloudFront Domain Takeover/Hijack

Sub Domain Hijack Issue: Hijack/takeover attacks can happen when a company creates a DNS entry that points to a third-party service (CNAME record) but forgets about the third-party application, leaving

Andy Gill
ltr101

LTR101: Programming Fundamentals

In security it can be very useful to understand programming. Whilst you might not be able to code straight away, it is very useful to understand the core fundamentals. Throughout my blog,

Andy Gill
ltr101

LtR101: Selling Yourself & Hacking Your Career Path

Having the technical skills is great; going to meet-ups and making the social contacts is even better. What really gets you in the door though? Knowing people? A CV? Being somewhat known? All

Andy Gill
bugbounty

Bug Bounty Forum AMA (x-post from BBF)

Introduction What is your name, if you do not want to disclose your name, what is your handle/nickname? Where are you from? How long have you been hacking? How did you get

Andy Gill
ltr101

LtR101: Book Published

After almost 6 months, today is the day I finally finished & published: Breaking Into Information Security: Learning the Ropes 101. What does this mean exactly? Well more blog posts now as the

Andy Gill
ltr101

Ltr101: Markdown

For a lot of bug bounty platforms, code repos and chat clients, Markdown is used as the notation to outline whatever you're writing up. However having read many reports on various platforms, it

Andy Gill
ltr101

LtR101: Windows Terminal Environments

Windows is one of the most commonly used operating systems in the world. In comparison to Linux it is less used in security, however it is still an OS of choice for many. The possibilities

Andy Gill
Getting Started

Learning the Ropes 101 - Virtualisation

This post talks of what virtualisation is, why it is important and how it works. I will also take you through setting up your first virtual machine (VM). What is Virtualisation Virtualisation put

Andy Gill
ltr101

Learning the Ropes 101: Burp Suite Intro

Burp Suite Features & Usage In this post I will discuss the different features of burp suite, how to use them and how they are useful. I will also discuss how to set

Andy Gill
learning

Learning The Ropes 101: Note Taking & Session Tracking

One of the most important tasks to do alongside hacking & reporting is note taking and tracking your work. Why? you might ask, because you never know when a session is going to

Andy Gill
ltr101

LTR101: WebAppTesting - Methods to the Madness

Following my post on Web Application Testing Methodologies, I received a lot of feedback and requests to elaborate more on the methodology. As it is geared towards pentesters, some newbies might not understand

Andy Gill
Getting Started

LtR101: Web Application Testing Methodologies

I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get

Andy Gill
ltr101

LtR101: Web Application Testing - Further Reading

Further Learning Resources: Now you have somewhat of an understanding of what web application testing is, how to set up your learning/playground environment & how to use some tools, you're likely wanting something to

Andy Gill
Getting Started

Web Application Testing - Tooling

Having given an introduction into web app testing it is now time to move onto the tooling. Noting that this is for testing and not specifically bug bounty hunting. The tooling and techniques

Andy Gill
Getting Started

Web Application Testing(Learning the Ropes 101)- Introduction

To give some background, for those of you who do not already know, I work as a pentester and my specialism is web application pentesting/penetration testing (also referred to by some as appsec)

Andy Gill
Getting Started

Learning the Ropes 101 - People Skills

For most of you reading this series you might have seen the first few technical articles then one about reporting, now you're seeing this about people skills. It's got you thinking now hasn't

Andy Gill
bugbounty

Learning the Ropes 101: Stay Beautiful, Stay Verbose

Having recently just arrived back from DEFCON 24 Las Vegas, I've not had a chance to write up much in regards to blogging and for that I am sorry! Anyway this post will

Andy Gill
Getting Started

Learning the Ropes 101: Operating Systems - Linux

When learning about information security, software development, computer science or "insert other relevant topic here" it is likely that you will come up against a variety of different operating systems. Most

Andy Gill
Getting Started

Learning the Ropes 101: Basic Networking

In regards to the technological skill set required in this sector, dialling it down to complete basics is where to start. It is very important to understand and get your head around basic

Andy Gill
ltr101

Learning the Ropes 101: Introduction

I recently had a friend of mine come to me asking how to get into hacking and this side of technology. His background was very varied so it was difficult to outline the

Andy Gill
ZeroSec - Adventures In Information Security © 2018