learning Relaxing for a bit, and learning at my pace I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing
pentesting It's been a while It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to?I've been focusing a lot on
http Quick tutorial on building a simple web browser In its simplest form, the browser is basically just requesting information from a web server, right? That's kind of what this exercise covers. I went through the exercise, and while it's stuff I already knew about, it was neat to see it broken down
hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. NmapAs always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting
OWASP Learning Things: CSRF - Cross-Site Request Forgery I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also somtimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this: "it's a type of web attack that
OWASP Let's Learn: OWASP Top 10 - Security Misconfiguration I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+ or some other multiple-choice
nostalgia On Nostalgia and rewatching things Nostalgia makes ya feel niceI notice that I tend to center a lot of my day-to-day activities around nostalgia: movies, TV shows, old commercials, etc. I even enjoy watching stuff
python Today's learning: Simple Python Skills -- Is a number prime? I enjoy scripting, but I just haven't had the time to dedicate to improving my skillset. I know, that's just an excuse, but if I'm not at work, I'm studying up for my OSCP, or learning about web apps. I wish I could make
web apps Free resources for learning web app testing Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall,
cyber security Today's Reads - Feb 24, 2021 I've been at it still studying hard. It's a busy schedule when combined with work hours, but you gotta do what you gotta do. Part of my self-improvement involves reading some news so I can understand what's going on and what's new. Here are
What I'm Reading -- Feb 2021 Some stuff I've been reading:The Hacker Playbook 2 - here.The Hacker Playbook 3 – here.Web Application Hacker's Handbook 2 – here.I am mostly reading THP2 and the Wepp App book for now. I started THP3, but want to do my best to
OSCP Proving Grounds Practice My three readers know by now that my exam experience didn't go as I'd hoped. I've blown through certification exams before, but this was next-level. I went in feeling like I have kicked enough butt in the labs and in HTB to be able
OSCP Exam kicked my butt Well, I was hoping I wouldn't have to write this post. The exam kicked my butt. Bad. I was hoping this post would be more like, "Yo! I got my OSCP!" I studied quite a bit and felt like I was steamrolling the lab
OSCP Update: Still In the Labs Still doing labs. I've popped about 22 boxes. Still need to do more. Hopefully soon I will be posting to report that I've passed. Here's a review of the exam by my friend @opsdisk, who took it a while back (long before OffSec added
OSCP Sup? I know, I know. Looks like I've been flaking out. Well, I suppose I have, but for good reason. Still studying for the OSCP. Still working on becoming much better at enumeration than I currently am and still working on speeding up my buffer
OSCP My OSCP journey week 1 I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow. At this point, the boxes haven't been particularly difficult, but I still don't feel that
OSCP So Where are the Updates? I meant to post my writeup of OpenKeys yesterday, but Saturday also so happened to be the day that my PWK coursework arrived. Guess what took priority? Right now, I'm writing my notes in a private GitBook Repo. I'm trying to build a gameplan
learning Knowing what you don't know This career can be intimidating. Almost daily, I look at all the things I don't know and think to myself, "Crap, man. This is still a mystery to me." As I work with people who are in the same field, many of them who
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. NmapWe start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:
JavaScript Things I'm Learning Today -- 12.1.2020 I've been reading a lot about XSS lately. That and bug hunting. On the learning agenda for today: One hour of JavaScript on Code Academy Free. (I am not totally interested in JS, but like learning SQL, it can only help improve some of
ssh When ya gotta run SSH on more than one port I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either
