This post will be updated with more information soon. A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code through the application's Markdown editing, and the injected code remains persistent. Proof-of-Concept: By utilizing the built-in Markdown editing, Continue Reading
Queen City Skiddies – Schmidt Happens – InfoSec Blog
For the past 6 months I’ve been hosting a Cybersecurity meetup in Charlotte, North Carolina primarily focusing on Offensive Security topics. I couldn’t be happier with how things have been running. We have had a steady group of people coming back time and time again and I am so proud Continue Reading
About Me – Schmidt Happens – InfoSec Blog
First off, thanks for visiting my page. I am very passionate about NetSec / Cybersecurity, and have gone into some detail here about how I found my passion. If interested, please take a couple minutes to check that out. Education: B.S. Information Technology – Towson University College Cyber Defense Team Continue Reading
Writeup – Schmidt Happens – InfoSec Blog
Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial off-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the vendor and got ghosted Continue Reading
April 23, 2021 – Schmidt Happens – InfoSec Blog
IPv6 is often seen as a mystical protocol by many folks and it’s scary to think about making the transition from IPv4. What’s even scarier is it’s likely already in place within your organization and attackers can leverage it against you! Further, companies are quickly rolling out IPv6 within their Continue Reading
LLMNR Poisoning – Part II: Setting up Active Directory – Schmidt Happens – InfoSec Blog
Part I: Requirements / Installing Operating Systems. Part II: Setting up Active Directory. Part III: Joining Windows 10 to Domain, Mapping Shared Folder, & Quick Kali Configuration. Part IV: Attacking. Welcome back to LLMNR Poisoning. This is Part II of the series Continue Reading
(External Blog Post) Android Penetration Testing After Nougat – Schmidt Happens – InfoSec Blog
A while back I was assigned a mobile application penetration test. I was met with a unique challenge of testing an Android application, but found there to be challenges with Android accepting user-supplied certificates (i.e. Burp Suite cert). Because of this, I couldn’t properly proxy the traffic from my Continue Reading
Your IPv6 is Showing [CarolinaCon] – Schmidt Happens – InfoSec Blog
IPv6 is often seen as a mystical protocol by many folks and it’s scary to think about making the transition from IPv4. What’s even scarier is it’s likely already in place within your organization and attackers can leverage it against you! Further, companies are quickly rolling out IPv6 within their Continue Reading
mobile application penetration testing – Schmidt Happens – InfoSec Blog
A while back I was assigned a mobile application penetration test. I was met with a unique challenge of testing an Android application, but found there to be challenges with Android accepting user-supplied certificates (i.e. Burp Suite cert). Because of this, I couldn’t properly proxy the traffic from my Continue Reading
mobile app – Schmidt Happens – InfoSec Blog
A while back I was assigned a mobile application penetration test. I was met with a unique challenge of testing an Android application, but found there to be challenges with Android accepting user-supplied certificates (i.e. Burp Suite cert). Because of this, I couldn’t properly proxy the traffic from my Continue Reading