pentesting LTR101 - Facing Your Fears Following a wee dry spell of blog posts here's my latest(a wee quickie). At the time of writing this blog I've since done three security conference talks in my life so far!
docker LTR101 - Disposable Attack Containers (DAC) My take on using docker for disposable attack images, basically leveraging docker images for Bug Bounties & Pentesting.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
NotHacking It's Not All Hacking - Life [Escaping] Working from home brings a lot of great things to the table, it allows you to make your home your workplace, gives you freedom.
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
hacking XXE - Things Are Getting Out of Band XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
learning How to Pwn things over IPv6 IPv6 is the demon that many testers dare not touch very often as it is still not the norm or widely adopted. Don't get me wrong, it is available(it has been for
Getting Started LtR101: Web Application Testing Methodologies I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get
