Reading about contributing to open source projects I think the idea of contributing to open-source is really cool. A friend recently told me that's a good way to build up my coding chops. Coding is one of those things I've never been particularly good at. I can sort of, more or less, get around and figure somehting
xss Adventures in bug hunting: Some XSS and access control fun Occassionally, I will screw around and dig for bugs in web applications. It can be rewarding, because you're looking at something that's not intended to be vulnerable. You get to be kind of creative and poke around at something and learn how it works. I recently found some cool XSS
web application testing What I'm reading this week I've been working more and more on finding my "thing." InfoSec is hard like that. There is so much to dive into that everything seems interesting at all times, and at different times. For instance, digging into coding seems fun one week, then learning about web applications is fun another
How do you read code? Yeah. That's a question I was asking myself today. I am able to read code that I am looking at, but I have a lot of trouble kind of piecing all of it together. This happens a lot when I am reading scripts. I get the main idea, but there's
learning On building your skillset Right now I've been reading The Hacker Playbook 3. I've had it for a while, but I always only read bits and pieces. I started reading it again, and there's some good stuff. Where the THP2 is more focused on pentesting skills, THP3 is more about the Red Team. It
learning python Humble Bundle Black Hat Python 2nd Edition CoverThis post started because I was going to recommend Black Hat Python 2nd Edition. Then I realized it was part of a Humble Bundle, so basically, for the price of the eBook, you can get 18 books: * https://www.humblebundle.com/books/hacking-by-no-starch-press-books It's a
JWT What'd I do this week? Learned about JWTs. That's what. This week I spent some time learning about JSON Web Tokens (JWTs). I had read about them in the past, but never really taken the time to dive in and really learn about them. Check it, RFC7519 [https://datatracker.ietf.org/doc/html/rfc7519] covers JWTs. Let's take a quick
ssh Learn SSH Tunnelz -- Now for free Just giving a shout to my buddy Brennon. He's put a lot of work into this book. It's a really great learning experience and taught me a ton. If you're reading this, you've probably seen me write about it already. He made it free recently, and it's a really great
learning Relaxing for a bit, and learning at my pace I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing myself to cram new information every
pentesting It's been a while It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to? I've been focusing a lot on learning some new skills. Trying to
http Quick tutorial on building a simple web browser In its simplest form, the browser is basically just requesting information from a web server, right? That's kind of what this exercise covers. I went through the exercise, and while it's stuff I already knew about, it was neat to see it broken down in a simple script. Check out
hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a ton of Googling anything I found
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. Nmap As always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting Nmap 7.91 ( https://nmap.
OWASP Learning Things: CSRF - Cross-Site Request Forgery I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also somtimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_
OWASP Let's Learn: OWASP Top 10 - Security Misconfiguration I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+ or some other multiple-choice exam (not a knock on multiple
nostalgia On Nostalgia and rewatching things Nostalgia makes ya feel nice I notice that I tend to center a lot of my day-to-day activities around nostalgia: movies, TV shows, old commercials, etc. I even enjoy watching stuff from before my time, like old 50s-era television ads and movies. I found a couple of articles that cover
python Today's learning: Simple Python Skills -- Is a number prime? I enjoy scripting, but I just haven't had the time to dedicate to improving my skillset. I know, that's just an excuse, but if I'm not at work, I'm studying up for my OSCP, or learning about web apps. I wish I could make more time in the day, but
web apps Free resources for learning web app testing Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I kind of dig it. That said,
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall, I have to say it was
cyber security Today's Reads - Feb 24, 2021 I've been at it still studying hard. It's a busy schedule when combined with work hours, but you gotta do what you gotta do. Part of my self-improvement involves reading some news so I can understand what's going on and what's new. Here are today's quick reads: * PortSwigger top web
What I'm Reading -- Feb 2021 Some stuff I've been reading: * The Hacker Playbook 2 - here [https://www.amazon.com/dp/B01072WJZE/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1] . * The Hacker Playbook 3 – here [https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2/ref=sr_1_3?dchild=1&keywords=hacker+playbook+3&qid=1613315827&s=digital-text&sr=
OSCP Proving Grounds Practice My three readers know by now that my exam experience didn't go as I'd hoped. I've blown through certification exams before, but this was next-level. I went in feeling like I have kicked enough butt in the labs and in HTB to be able to do it pretty easily. Nope.
OSCP Exam kicked my butt Well, I was hoping I wouldn't have to write this post. The exam kicked my butt. Bad. I was hoping this post would be more like, "Yo! I got my OSCP!" I studied quite a bit and felt like I was steamrolling the lab machines. They weren't terribly difficult and
OSCP Update: Still In the Labs Still doing labs. I've popped about 22 boxes. Still need to do more. Hopefully soon I will be posting to report that I've passed. Here's a review of the exam by my friend @opsdisk, who took it a while back (long before OffSec added the 2020 material.) - https://blog.
