I was visiting my parents over the winter holiday back in 2018. The cold air nipped at my bare arms and the North East Coast breeze was a stark reminder of how much colder it gets versus the warmth of the West Coast; I was running outside to catch a phone call. My fingers had…
Category: Mindset
What the OSCP doesn’t prepare you for in the workforce, and how to get caught up!
When I took my OSCP exam, I had less than two years of professional experience in the security space. While I did some of my own learning in terms of webapp testing, hackthebox scenarios, and the PWK (Pentesting with Kali) material, it doesn’t replace working alongside your peers on a security team. I did, and…
Docker Cache Poisoning – Part 1
Introduction: Docker is amazing – period. Using Docker in personal and professional settings has been incredibly useful. The big idea here is that if an application can be “containerized” using Docker, it can run anywhere the Docker engine is installed. Most importantly, and interestingly, Docker containers can be configured to run just about anything….
Homoglyphs and Bypassing Web Application Controls
As with most articles I write, this post comes from a particular engagement where I was tasked with re-testing fixes engineers put in place for an XSS (Cross-Site Scripting) vulnerability. While the details of the exploit will not be discussed here, the bypass technique using homoglyphs is fair game. What’s a ‘Homoglyph’? According to Wikipedia,…
Mindset for hacking GraphQL Applications
I’ve tried to summarize a lot of information from HackTricks, YouTube, HTB write-ups, disclosed vulnerabilities, and the GraphQL documentation to come up with succinct notes on GraphQL. This way you don’t need to be an expert to focus on what’s important. I’m not claiming to be an expert on GraphQL, but enough to know what…
How to configure Android Studio with BurpSuite
Let’s say you’ve been assigned some mobile work. You’re a pentester, mobile developer, or just a tinkerer who needs to be able to see traffic flowing to and from your Android device. Chances are you’re going to want to use BurpSuite to help make your life a little bit easier. Problem is that the instructions…
The mental tweak that helped me on my OSCP journey
In a previous post, I highlighted my overall OSCP experience. The high-level ideas around education, studying, and exam attempts are there, but I wanted to touch on something that I didn’t elaborate on — mindset. A lot of the OSCP prep feels like a grind. Enumerate a machine, find something vulnerable, exploit, elevate privileges, repeat. Over time,…