How do you read code? Yeah. That's a question I was asking myself today. I am able to read code that I am looking at, but I have a lot of trouble kind of piecing all of it together. This happens a lot when I am reading scripts. I
learning On building your skillset Right now I've been reading The Hacker Playbook 3. I've had it for a while, but I always only read bits and pieces. I started reading it again, and there's some good stuff. Where the THP2 is more focused on pentesting skills, THP3 is
learning python Humble Bundle This post started because I was going to recommend Black Hat Python 2nd Edition. Then I realized it was part of a Humble Bundle, so basically, for the price of the eBook, you can get 18 books: https://www.
JWT What'd I do this week? Learned about JWTs. That's what. This week I spent some time learning about JSON Web Tokens (JWTs). I had read about them in the past, but never really taken the time to dive in and really learn about them. Check it, RFC7519 covers JWTs. Let's take a quick look
ssh Learn SSH Tunnelz -- Now for free Just giving a shout to my buddy Brennon. He's put a lot of work into this book. It's a really great learning experience and taught me a ton. If you're reading this, you've probably seen me write about it already. He made it free
learning Relaxing for a bit, and learning at my pace I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing
pentesting It's been a while It's been a while since my last post. I've been working as an application pentester for a new company. It's been great, but the imposter syndrome is getting the best of me. What have I been up to? I've been focusing a lot on
http Quick tutorial on building a simple web browser In its simplest form, the browser is basically just requesting information from a web server, right? That's kind of what this exercise covers. I went through the exercise, and while it's stuff I already knew about, it was neat to see it broken down
hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. Nmap As always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting
OWASP Learning Things: CSRF - Cross-Site Request Forgery I've heard the term multiple times, but I actually had no real idea what it was. Cross-Site Request Forgery, or CSRF (also sometimes pronounced as Sea-Surf). Well, I had the textbook definition that goes something like this: "it's a type of web attack that
OWASP Let's Learn: OWASP Top 10 - Security Misconfiguration I've known of the OWASP Top 10 for a while, but I can't say I've ever become deeply knowledgeable of the inner-workings of each. I've always understood them on a surface level that's maybe deep enough to pass your Sec+ or some other multiple-choice
nostalgia On Nostalgia and rewatching things Nostalgia makes ya feel nice I notice that I tend to center a lot of my day-to-day activities around nostalgia: movies, TV shows, old commercials, etc. I even enjoy watching stuff
python Today's learning: Simple Python Skills -- Is a number prime? I enjoy scripting, but I just haven't had the time to dedicate to improving my skillset. I know, that's just an excuse, but if I'm not at work, I'm studying up for my OSCP, or learning about web apps. I wish I could make
web apps Free resources for learning web app testing Web app testing is a cool space. There's a lot of new, interesting territory for someone like me who has been learning network pentesting. Both are a lot of fun, but web applications have so many interesting things going on that I've found I
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall,
cyber security Today's Reads - Feb 24, 2021 I've been at it still studying hard. It's a busy schedule when combined with work hours, but you gotta do what you gotta do. Part of my self-improvement involves reading some news so I can understand what's going on and what's new. Here are
What I'm Reading -- Feb 2021 Some stuff I've been reading: The Hacker Playbook 2 - here. The Hacker Playbook 3 - here. Web Application Hacker's Handbook 2 - here. I am mostly reading THP2 and the Web App book for now. I started THP3, but want to do my best to
OSCP Proving Grounds Practice My three readers know by now that my exam experience didn't go as I'd hoped. I've blown through certification exams before, but this was next-level. I went in feeling like I have kicked enough butt in the labs and in HTB to be able
OSCP Exam kicked my butt Well, I was hoping I wouldn't have to write this post. The exam kicked my butt. Bad. I was hoping this post would be more like, "Yo! I got my OSCP!" I studied quite a bit and felt like I was steamrolling the lab
OSCP Update: Still In the Labs Still doing labs. I've popped about 22 boxes. Still need to do more. Hopefully soon I will be posting to report that I've passed. Here's a review of the exam by my friend @opsdisk, who took it a while back (long before OffSec added
OSCP Sup? I know, I know. Looks like I've been flaking out. Well, I suppose I have, but for good reason. Still studying for the OSCP. Still working on becoming much better at enumeration than I currently am and still working on speeding up my buffer
OSCP My OSCP journey week 1 I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow. At this point, the boxes haven't been particularly difficult, but I still don't feel that
OSCP So Where are the Updates? I meant to post my writeup of OpenKeys yesterday, but Saturday also so happened to be the day that my PWK coursework arrived. Guess what took priority? Right now, I'm writing my notes in a private GitBook Repo. I'm trying to build a gameplan