So You Want To Work in Cyber Security?
It goes without saying that being a Professional Penetration Tester is considered to be one of the “cooler” jobs in InfoSec. I mean, let’s be honest here - w...
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction...
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
In my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world of browser...
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software applications are deli...
Red Team Tactics: Utilizing Syscalls in C# - Writing The Code
In my previous post “Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge”, we covered some basic prerequisite concepts that we needed to unde...
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge
Over the past year, the security community - specifically Red Team Operators and Blue Team Defenders - have seen a massive rise in both public and private ut...
SANS 2019 Holiday Hack Challenge
Happy Holidays and a Happy New Year 2020 readers!
Offensive Security’s CTP & OSCE Review
On August 22, 2019 I received yet another one of the most desired emails by aspiring Offensive Security enthusiasts and professionals…
Google CTF (2018): Beginners Quest - PWN Solutions (2/2)
In my previous post “Google CTF (2018): Beginners Quest - PWN Solutions (1/2)”, we covered the first set of PWN solutions for the Beginners Quest, which touc...
Google CTF (2018): Beginners Quest - PWN Solutions (1/2)
In my previous post “Google CTF (2018): Beginners Quest - Reverse Engineering Solutions”, we covered the reverse engineering solutions for the 2018 Google CT...
Google CTF (2018): Beginners Quest - Reverse Engineering Solutions
In my previous post “Google CTF (2018): Beginners Quest - Web Solutions” we covered the web challenges for the 2018 Google CTF, which covered a variety of se...
Google CTF (2018): Beginners Quest - Web Solutions
In my previous post “Google CTF (2018): Beginners Quest - Miscellaneous Solutions”, we covered the miscellaneous challenges for the 2018 Google CTF, which co...
Google CTF (2018): Beginners Quest - Miscellaneous Solutions
In my previous post “Google CTF (2018): Beginners Quest - Introduction”, we covered how to break into CTFs and I also introduced the 2018 Google CTF. In this...
Google CTF (2018): Beginners Quest - Introduction
Over the past couple of weeks I’ve been doing a lot of CTFs (Capture the Flag) - old and new. And I honestly can’t believe what I’ve been missing out on. I’v...
SANS 2018 Holiday Hack Challenge
Happy Holidays and a Happy New Year 2019 readers!
So You Want To Be a Pentester? (Updated 2023)
This is an old and outdated version of the blog. If you haven’t read this post yet, then please see the new one for the most up-to-date content: “So You Want...
Reverse Engineering Network Protocols
In the past few weeks I finally found time to dig into my library and read some of the books that I’ve been meaning to read since like last year. One of the ...
SANS 2017 Holiday Hack Challenge
Happy Holidays and a Happy New Year 2018 readers!
Offensive Security’s PWK & OSCP Review
On December 19, 2017 I received one of the most desired emails by aspiring Offensive Security enthusiasts and professionals…
Pentestit Lab v11 - Help Desk Token (11/12)
In my previous post “Pentestit Lab v11 - Access Control Token (10/12)”, we carried out intelligence gathering on the Access Control machine, exploited a Comm...
Pentestit Lab v11 - Access Control Token (10/12)
In my previous post “Pentestit Lab v11 - ClamAV Token (9/12)”, we continued our intelligence gathering by footprinting the 192.168.11.x subnet, exploited a R...
Pentestit Lab v11 - ClamAV Token (9/12)
In my previous post “Pentestit Lab v11 - Cloud Token (8/12)”, we utilized tcpdump for Network Reconnaissance on the compromised 192.168.10.1 machine, accesse...
Pentestit Lab v11 - Cloud Token (8/12)
In my previous post “Pentestit Lab v11 - Connect Token (7/12)”, we footprinted the 192.168.11.1 subnet, exploited a Command Injection Vulnerability, carried ...
Pentestit Lab v11 - Connect Token (7/12)
In my previous lab “Pentestit Lab v11 - Director Token (6/12)”, we footprinted the DIR Subnet using a comprised SSH Key for the 172.16.0.252 Router in the Ma...
Pentestit Lab v11 - Director Token (6/12)
In my previous post “Pentestit Lab v11 - CUPS Token (5/12)”, we footprinted the CUPS server, exploited a SQL Injection Vulnerability that allowed us to gain ...
Pentestit Lab v11 - CUPS Token (5/12)
In my previous post “Pentestit Lab v11 - AD Token (4/12)”, we footprinted the AD server, utilized Pass the Hash by using our newly found hash for SMB Authetn...
Pentestit Lab v11 - AD Token (4/12)
In my previous post “Pentestit Lab v11 - RDP Token (3/12)”, we footprinted the Office 2 subnet, utilized SSH tunneling to attain RDP access, enumerated and b...
Pentestit Lab v11 - RDP Token (3/12)
In my previous post “Pentestit Lab v11 - Site Token (2/12)”, we found an SSH Login to Office 2 via Intelligence Gathering, brute forced OpenVPN which allowed...
Pentestit Lab v11 - Site Token (2/12)
In my previous post “Pentestit Lab v11 - CRM Token (1/12)”, we found a SQL Injection Vulnerability on the main WordPress site and a Remote Code Execution Vul...
Pentestit Lab v11 - CRM Token (1/12)
In my previous post “Pentestit Lab v11 - Introduction & Network”, we covered the Network, and VPN Connection. Today we will be covering the first steps t...
Pentestit Lab v11 - Introduction & Network
Hello readers, and welcome back to another series of the Pentestit Write-ups! I know it has been a while since I last posted here - but with the release of t...
Pentestit Lab v10 - Cloud Token (13/13)
In my previous post “Pentestit Lab v10 - WIN-DC0 Token (12/13)”, we utilized our VPN access and the WIN-TERM machine to pivot into the WIN-DC0 machine, gathe...
Pentestit Lab v10 - WIN-DC0 Token (12/13)
In my previous post “Pentestit Lab v10 - WIN-TERM Token (11/13)”, we utilized our VPN tunnel to access the WIN-TERM machine via RDP, exploited the MS16-032 v...
Pentestit Lab v10 - WIN-TERM Token (11/13)
In my previous post “Pentestit Lab v10 - Web-Control Token (10/13)”, we utilized our VPN tunnel via SSH on the compromised gw machine to access the internal ...
Pentestit Lab v10 - Web-Control Token (10/13)
In my previous post “Pentestit Lab v10 - Hall of Fame Token (9/13)”, we continued utilizing our gw machine as a pivot point, utilized SSHuttle as a VPN to ac...
Pentestit Lab v10 - Hall of Fame Token (9/13)
In my previous post “Pentestit Lab v10 - News Token (8/13)”, we continued to utilize the compromised gw machine as a pivot point to attack the News Machine, ...
Pentestit Lab v10 - News Token (8/13)
In my previous post “Pentestit Lab v10 - Captcha Token (7/13)”, we pivoted further into the internal network via an SSL Tunnel to access the Captcha Machine,...
Pentestit Lab v10 - Captcha Token (7/13)
In my previous post “Pentestit Lab v10 - Blog Token (6/13)”, we further utilized the gw machine to pivot into the internal network and access the Blog via an...
Pentestit Lab v10 - Blog Token (6/13)
In my previous post “Pentestit Lab v10 - Store Token (5/13)”, we took a step back to map the attack surface of the Store Web Application, utilized the compro...
Pentestit Lab v10 - Store Token (5/13)
In my previous post “Pentestit Lab v10 - SSH-Test Token (4/13)”, we utilized the compromised gw machine to pivot into the internal network, used previously c...
Pentestit Lab v10 - SSH-Test Token (4/13)
In my previous post “Pentestit Lab v10 - SSH Token (3/13)”, we leveraged newly found credentials for SSH Access on the gw machine, enumerated files and direc...
Pentestit Lab v10 - SSH Token (3/13)
In my previous post “Pentestit Lab v10 - Site Token (2/13)”, we mapped the attack surface of the GDS Blog, exploited a SQL Inject while bypassing the WAF fil...
Pentestit Lab v10 - Site Token (2/13)
In my previous post “Pentestit Lab v10 - Mail Token (1/13)”, we attained usernames through Intelligence Gathering, brute forced the SMTP Service, attained lo...
Pentestit Lab v10 - Mail Token (1/13)
In my previous post “Pentestit Lab v10 - Introduction & Network”, we covered the Network, and VPN Connection. Today we will be covering the first steps t...
Pentestit Lab v10 - Introduction & Network
Ever wondered how it feels like to hack a company? To breach their systems, traverse their network, and gain complete and total control of their domain - but...
SANS 2016 Holiday Hack Challenge
Happy Holidays and a Happy New Year 2017 readers! Thanks for joining me today as we go over the SANS 2016 Holiday Hack Challenge! Which honestly, was the mos...
VulnHub - Kioptrix 5
Welcome back to the Final Chapter of the Kioptrix VM Series!
VulnHub - Kioptrix 4
Welcome back to the Kioptrix VM Series!
VulnHub - Kioptrix 3
Welcome back to the Kioptrix VM Series!
VulnHub - Kioptrix 2
Welcome back to the Kioptrix VM Series!
VulnHub - Kioptrix 1
“Try Harder”… the quote that brings fear and confusion into every PWK participant; all working hard to obtain the prestigious OSCP Certificate.
VulnHub ‘SickOS: 1.1’ - CTF
Welcome back to another VulnHub CTF write-up! Today we will be pwning SickOS 1.1 - which can be found here on VulnHub.
VulnHub ‘Stapler: 1’ - CTF
Welcome back to my 2nd - VulnHub CTF! This time we will be tackling Stapler: 1!
VulnHub ‘Mr.Robot 1’ - CTF
When a bug finally makes itself known, it can be exhilarating, like you just unlocked something. A grand opportunity waiting to be taken advantage of. - M...
OverTheWire: ‘Natas’ Solutions 16-20
Welcome back! This post is the continuation of the Natas wargame from OverTheWire.
OverTheWire: ‘Natas’ Solutions 11-15
Welcome back! This post is the continuation of the Natas wargame from OverTheWire.
OverTheWire: ‘Natas’ Solutions 1-10
Web Hacking; one of the most dangerous attack vectors out on the internet in today’s world. Web Hackers have gotten away with millions of user accounts and p...
OverTheWire: ‘Leviathan’ Solutions 1-8
Leviathan: A large aquatic creature of some kind. The Bible refers to it as a fearsome beast having monstrous ferocity and great power. Today, the word has b...
OverTheWire: ‘Bandit’ Solutions 11-25
Hey, Welcome Back! This post is the continuation to the “Bandit” Wargame found at: overthewire.org.
OverTheWire: ‘Bandit’ Solutions 1-10
Over the past couple weeks, I have been digging deeper and deeper into the realm of penetration testing (or as many like to call it… hacking). I have been ob...