windows Build, Attack, Defend, Fix – Paving the way to DA While most of us in the world of offensive security love getting domain administrator (DA) when doing assessments. How many of you know how the issue occurs, how to defend against it and how to properly remediate it?
carhacking Featured Focus RS 2016 - Some Light Aesthetic Car Hacking Car hacking with Ford ForScan, adding SYNC3 changes and 5th Driving mode to 2016 Focus RS.
homenetwork [Ongoing Project] Building the Dream Home Network This is not uber leet hax0rs stuff, but it does serve as a somewhat tutorial on how I set up my new home network in my flat.
pentesting Open Redirect in Oracle EBS (CVE-2017-3528) Writeup of my first CVE; An open redirect in Oracle E-Business Suite, patched in April 2017 CPU(CVE-2017-3528).
CSRF Delivering Many a Payload via CSRF CSRF Is still an issue in 2018, with some interesting payload delivery methods. Chaining vulns and some more on CSV Injection too!
hacking Leading the Blind to Light! - A Chain to RCE Tl;DR I found a misconfigured host & leveraged a few vulnerabilities to gain the final end goal of remote code execution!
weekend LTR101: My First CloudFront Domain Takeover/Hijack Update 2021/2022: This technique no longer works for Subdomain Hijacking as Amazon have patched it. The only way to hijack the subdomain is if you have control over DNS for the domain and that requires deeper compromise. Sub Domain Hijack Issue Hijack/takeover attacks can happen when a company