I was visiting my parents over the winter holiday back in 2018. The cold air nipped at my bare arms and the North East Coast breeze was a stark reminder of how much colder it gets versus the warmth of the West Coast; I was running outside to catch a phone call. My fingers had…
Tag: pentesting
What the OSCP doesn’t prepare you for in the workforce, and how to get caught up!
When I took my OSCP exam, I had less than two years of professional experience in the security space. While I did some of my own learning in terms of webapp testing, hackthebox scenarios, and the PWK (Pentesting with Kali) material, it doesn’t replace working alongside your peers on a security team. I did, and…
Homoglyphs and Bypassing Web Application Controls
As with most articles I write, this post comes from a particular engagement where I was tasked with re-testing fixes engineers put in place for a XSS (Cross-Site Scripting) vulnerability. While the details of the exploit will not be discussed here, the bypass technique using homoglyphs are fair game. What’s a ‘Homoglyph’? According to Wikipedia,…
Visualizing Network Scans and Identifying Relationships with Neo4j
Networks can be gigantic, period. Scanning from different network vantage points can also be challenging. The more and more I started getting into the weeds of a networking using Masscan and Nmap, the harder it was for me to make visual sense of its topology. Sure, I could use spreadsheets like everyone else but this…
Second Serving of the OSCP — My Exam Experience(s)
For the uninitiated, the Offensive Security Certified Professional (OSCP) is an ethical hacking certification that demonstrates a pentester’s ability to breach systems in a timed manner as well as document their findings in a professional and ethical manner. In the security world, the certification is the defacto entry-level certification known for its toughness coming from…