-
Deception Technology 101 – from a Deception Engineer
•
we are not only engineering technical solutions to serve as decoys, canaries, etc, we are also engineering environments and, most importantly, we are storytellers.
-
How I transitioned into security, and what I would do differently (2022 edition)
•
I was visiting my parents over the winter holiday back in 2018. The cold air nipped at my bare arms and the North East Coast breeze was a stark reminder of how much colder it gets versus the warmth of the West Coast; I was running outside to catch a phone call. My fingers…
-
What the OSCP doesn’t prepare you for in the workforce, and how to get caught up!
•
When I took my OSCP exam, I had less than two years of professional experience in the security space. While I did some of my own learning in terms of webapp testing, hackthebox scenarios, and the PWK (Pentesting with Kali) material, it doesn’t replace working alongside your peers on a security team. I did,…
-
Homoglyphs and Bypassing Web Application Controls
•
As with most articles I write, this post comes from a particular engagement where I was tasked with re-testing fixes engineers put in place for a XSS (Cross-Site Scripting) vulnerability. While the details of the exploit will not be discussed here, the bypass technique using homoglyphs are fair game. What’s a ‘Homoglyph’? According to…
-
Visualizing Network Scans and Identifying Relationships with Neo4j
•
Networks can be gigantic, period. Scanning from different network vantage points can also be challenging. The more and more I started getting into the weeds of a networking using Masscan and Nmap, the harder it was for me to make visual sense of its topology. Sure, I could use spreadsheets like everyone else but…
-
Second Serving of the OSCP — My Exam Experience(s)
•
For the uninitiated, the Offensive Security Certified Professional (OSCP) is an ethical hacking certification that demonstrates a pentester’s ability to breach systems in a timed manner as well as document their findings in a professional and ethical manner. In the security world, the certification is the defacto entry-level certification known for its toughness coming…