During an offensive security engagement it may not be a major vulnerability that leads to your end-goal, but a combination of lower severity findings compounded to make a larger impact. This post discusses information disclosure through NTLM authentication, which is one of those smaller vulnerabilities that can lead to greater…
Bash scripting is an easy concept that can allow bug bounty hunters to automate repetitive tasks and spend more time on advanced vulnerabilities, often resulting in higher payouts.
Tool chaining is just that, using Bash scripting to integrate multiple tools executed in a predefined pattern. This post discusses the use…
and how to get started for free!
Whether you are just getting started in cyber security or a seasoned veteran, having your own blog is a great way to showcase your research, establish your personal “brand”, and act as a single point of reference for later recall.
This post outlines how blogging can help boost your cybersecurity…
Practical ncat — commands, usage, and real-word application
Depending on your familiarity with Unix operating systems, you may have heard of the built-in networking utility netcat — also referred to as “The Swiss Army Knife of TCP/IP networking”.
Netcat is used for establishing connections over a network and capable of…
and decipher the world of computer science
Whether your writing a professional report or your next Medium story, trying to convey technical subjects to your audience is no easy task. A clear focus and concise formatting can easily get lost in required pretext or lengthy code blocks.
As a cybersecurity consultant, interpreting complex tasks and making sense…
Take back control of your code base!
Maintaining the code base on your own personal blog or website can be a great learning experience. It teaches you about the design and architectural decisions involved in running a successful site, and allows for added flexibility outside of otherwise preset behaviors.
Additionally, this approach makes you less reliant on…
and jeopardizing your PCI compliance!
What does it mean to be “PCI” compliant?
If you own a business or work in the industry, you’ve most likely heard of PCI and know maintaining compliance is critical for a business to continue accepting credit card payments.
For the rest of us however, “PCI” is an even shortened version of the acronym “PCI DSS”, which stands…
Have you ever installed a Python application, only to find out later the required dependencies replaced those of another critical application?
Python virtual environments can help eliminate this dependency nightmare and make the installation and management of your projects more sustainable. …
Okay, so Slack can’t actually perform port scans! However, it can act as a communication channel to relay tasks, such as port scanning, to a remote server.
This post demonstrates how to use Slack to automate repetitive, resource intensive tasks during bug bounty hunting or any offensive security engagement. …
LinkedIn is the world’s largest professional networking platform and used every day for recruiting, marketing, and connecting. However, it’s because of this that LinkedIn is also a great source for information gathering during penetration testing.
Through a company’s profile, it’s possible to collect a list of current employees and their…
