pentesting - ZephrSec - Adventures In Information Security

Sign in Subscribe

pentesting

A collection of 13 posts

WebSockets are a Pain - A Journey in Learning and Leveraging

pentesting Featured

WebSockets are a Pain - A Journey in Learning and Leveraging

Before I dive in and show examples of implementations that worked, it is worth doing a quick explainer on what WebSockets are, how they work, what a typical request handshake looks like, and how to troubleshoot when things don't go the way you want them to.

Build, Attack, Defend, Fix – Paving the way to DA

Build, Attack, Defend, Fix – Paving the way to DA

While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?

LTR101: Writing or Receiving Your First Pentest Report

ltr101 Featured

LTR101: Writing or Receiving Your First Pentest Report

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

Bloodhound 2.2 - A Tool for Many Tradecrafts

redteam Featured

Bloodhound 2.2 - A Tool for Many Tradecrafts

Bloodhound is a tool for enumeration of an active directory environment. It maps out relationships between active directory objects and is useful for Pentesting and Red Teaming.

LTR101 - Facing Your Fears

LTR101 - Facing Your Fears

Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my life so far! For the duration of the year 2018, I set myself a few goals to overcome some of

LTR101 - Disposable Attack Containers (DAC)

LTR101 - Disposable Attack Containers (DAC)

My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.

Open Redirect in Oracle EBS (CVE-2017-3528)

Open Redirect in Oracle EBS (CVE-2017-3528)

Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).

It's Not All Hacking - Life [Escaping]

It's Not All Hacking - Life [Escaping]

Working from home brings a lot of great things to the table, it allows you to make your home your workplace, gives you freedom.

Delivering Many a Payload via CSRF

Delivering Many a Payload via CSRF

CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!

XXE - Things Are Getting Out of Band

XXE - Things Are Getting Out of Band

XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.

Leading the Blind to Light! - A Chain to RCE

Leading the Blind to Light! - A Chain to RCE

Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!

How to Pwn things over IPv6

How to Pwn things over IPv6

IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it has been for a while now). And, many big and small companies are using it but it isn't what a

LtR101: Web Application Testing Methodologies

Getting Started

LtR101: Web Application Testing Methodologies

I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get into the industry and where to start. I started this series for those people, learning and wanting to

window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-90NCC2R7PE');