Photo by vishnu vijayan on Pixabay

During an offensive security engagement it may not be a major vulnerability that leads to your end-goal, but a combination of lower severity findings compounded to make a larger impact. This post discusses information disclosure through NTLM authentication, which is one of those smaller vulnerabilities that can lead to greater attacks under the right circumstances. Additionally, we will demonstrate methods for invoking an NTLM challenge response, even when no login page is present, to coerce this information.


NTLM is a challenge/response authentication protocol utilized by Windows systems in which the user’s actual password is never sent over the wire. Instead…

Bash scripting is an easy concept that can allow bug bounty hunters to automate repetitive tasks and spend more time on advanced vulnerabilities, often resulting in higher payouts.

Tool chaining is just that: using Bash scripting to integrate multiple tools executed in a predefined pattern. This post discusses the use of tool chaining in bug bounty automation and introduces a new enumeration tool to add to your recon process!

Photo by Caspar Camille Rubin on Unsplash


Automation is the latest trend in bug bounty hunting, with new frameworks being released every day. This ranges from full-fledged solutions with user interfaces and back-end databases to collections of custom-built…

and how to get started for free!

Photo by Shahadat Rahman on Unsplash

Whether you are just getting started in cyber security or a seasoned veteran, having your own blog is a great way to showcase your research, establish your personal “brand”, and act as a single point of reference for later recall.

This post outlines how blogging can help boost your cybersecurity career and how to get started for free!

Why Create a Security Blog?

1. Increase Learning Opportunities

Throughout the process of writing a blog post, I constantly research and fact-check my content to ensure accuracy. Of course, I may get a few things wrong every now and again. However, it's a process and writing each blog post only…

Practical ncat — commands, usage, and real-world application

Photo by Cookie the Pom on Unsplash

Depending on your familiarity with Unix operating systems, you may have heard of the built-in networking utility netcat — also referred to as “The Swiss Army Knife of TCP/IP networking”.

Netcat is used for establishing connections over a network and is capable of transferring data via the UDP or TCP protocols. There have been dozens of great articles written on the tool and its various applications. However, this one aims to shed light on a modern re-implementation developed by the Nmap Project, ncat!

netcat vs. ncat vs. nc

Oftentimes netcat, ncat, and nc are mentioned synonymously, as if…

and decipher the world of computer science

Photo by Bench Accounting on Unsplash

Whether you're writing a professional report or your next Medium story, trying to convey technical subjects to your audience is no easy task. A clear focus and concise formatting can easily get lost in required pretext or lengthy code blocks.

As a cybersecurity consultant, interpreting complex tasks and making sense of various computer languages comes as part of the job. However, it can be challenging to transcribe these subjects into fully comprehensible reports. While I am far from calling myself an expert, I have found 5 tips to consider that have helped me improve my technical writing.

1. Define your target audience

The first step to…

Take back control of your code base!

Photo by KOBU Agency on Unsplash

Maintaining the code base on your own personal blog or website can be a great learning experience. It teaches you about the design and architectural decisions involved in running a successful site, and allows for added flexibility outside of otherwise preset behaviors.

Additionally, this approach makes you less reliant on a single framework or platform. Should you need to move hosting providers, simply copy your files into another cPanel or web directory.

Despite these benefits, however, there is a steep learning curve to maintaining your own site — beyond the notable coding knowledge required. For example, minor changes to a…

and jeopardizing your PCI compliance!

Photo by Ales Nesetril on Unsplash

What does it mean to be “PCI” compliant?

If you own a business or work in the industry, you’ve most likely heard of PCI and know maintaining compliance is critical for a business to continue accepting credit card payments.

For the rest of us, however, “PCI” is an even shorter version of the acronym “PCI DSS”, which stands for Payment Card Industry Data Security Standard. This is a set of standards released by the PCI Security Standards Council that provides technical and operational baselines an organization must meet in order to handle credit card information. In other words, any organization processing credit card data needs to be compliant…

Have you ever installed a Python application, only to find out later the required dependencies replaced those of another critical application?

Python virtual environments can help eliminate this dependency nightmare and make the installation and management of your projects more sustainable. This post will review the concept of virtual environments and introduce three tools for applying safer dependency management practices.

Photo by AltumCode on Unsplash

What are Virtual Environments in Python?

Python virtual environments are isolated spaces that allow programs to run separately from the shared, system-wide installation. These environments are created in self-contained folders that consist of all required binaries for execution. …

Okay, so Slack can’t actually perform port scans! However, it can act as a communication channel to relay tasks, such as port scanning, to a remote server.

This post demonstrates how to use Slack to automate repetitive, resource-intensive tasks during bug bounty hunting or any offensive security engagement. This comes with multiple benefits and ultimately frees up your primary host to continue testing until results are returned.

Photo by Stephen Phillips — on Unsplash


Port scanning is an essential step in the recon process that can lead to missed opportunities if left unchecked. …

Photo by Tumisu from Pixabay

LinkedIn is the world’s largest professional networking platform and is used every day for recruiting, marketing, and connecting. However, it’s because of this that LinkedIn is also a great source for information gathering during penetration testing.

Through a company’s profile, it’s possible to collect a list of current employees and their positions. This information can lead to spear phishing, password spraying, or other attacks against the organization. While there are various open-source tools to help collect and weaponize this information, I have always found one reason or another to perform this process manually.

Until now…

CrossLinked was created to simplify the…


Cybersecurity | Pentester | Synack Red Team #OSCP —
