I am in a fortunate position where I conduct Web Application Penetration Tests quite often. I love it. I get to see all sorts of different types of applications, environments, web technologies, and I’m met with new challenges almost every assessment. It is fun getting creative, learning new attack methods,
web application security – Schmidt Happens – InfoSec Blog
Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial off-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the Vendor and got ghosted
external blog post – Schmidt Happens – InfoSec Blog
Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial off-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the Vendor and got ghosted
Obligatory Post-OSCP Post – Schmidt Happens – InfoSec Blog
I have finally earned my OSCP certification, and I figured I’d update the ol’ blog with a couple thoughts of what I really think helped me out mentally. This post will not serve as a guide for specific tools, techniques, or tactics — rather to explain my mindset throughout
web application penetration test – Schmidt Happens – InfoSec Blog
Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial off-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the Vendor and got ghosted
July 2019 – Schmidt Happens – InfoSec Blog
I’ve found myself giving people plenty of pointers and links that I think helped me out when I was doing the PWK coursework and the labs for OSCP. So because of that, I figured I’d actually collect everything in one spot and I can just refer anyone interested here. I’ll
Non-Technical – Schmidt Happens – InfoSec Blog
I promised I would make a quick post detailing my CVE submission process, so here it is. Initial Discovery October 20th 2020: I initially discovered this vulnerability while performing a Web Application Penetration Test for a client. In doing a bit more research, I found out that there was only
September 2020 – Schmidt Happens – InfoSec Blog
As of late, I’ve been trying to level-up my Web App knowledge by going through some Portswigger Web Academy labs and articles. Recently, I’ve just finished the 30 labs required to complete the Cross-Site Scripting (XSS) section, and have really been enjoying it. Since I’ve had a couple people ask
series – Schmidt Happens – InfoSec Blog
Part I: Requirements / Installing Operating Systems
Part II: Setting up Active Directory
Part III: Joining Windows 10 to Domain, Mapping Shared Folder, & Quick Kali Configuration
Part IV: Attacking

Introduction: This is part one of a series of posts I’ll be making on performing
Pre-OSCP reading list – Schmidt Happens – InfoSec Blog
PREP Gathering some good ol’ links here that should be beneficial in some way for my pursuit of the OSCP. Got many of these links from other people and from scrolling through reddit r/asknetsec, r/netsecstudents. Template intermediate lab documentation 411hall.github.io Scripts OSCP-2 Codingo Github Reconnoitre – Codingo Github https://411hall.github.io/JAWS-Enumeration/ https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc