web app pentest – Schmidt Happens – InfoSec Blog
I am in a fortunate position where I conduct Web Application Penetration Tests quite often. I love it. I get to see all sorts of different types of applications, environments, web technologies, and I’m met with new challenges almost every assessment. It is fun getting creative, learning new attack methods, Continue Reading
CTF – Schmidt Happens – InfoSec Blog
I am currently pursuing my OSCP, but every now and then I like to take a break and mess with my homelab or take a look at some challenges. Yesterday on a slack I participate on, someone posted a link to a BSidesSF CTF that was ongoing with their account Continue Reading
December 2019 – Schmidt Happens – InfoSec Blog
For the past 6 months I’ve been hosting a Cybersecurity meetup in Charlotte, North Carolina primarily focusing on Offensive Security topics. I couldn’t be happier with how things have been running. We have had a steady group of people coming back time and time again and I am so proud Continue Reading
eLearnSecurity WAPTv3 training begins – Schmidt Happens – InfoSec Blog
There is a saying in the Marine Corps that many Marines follow: “Complacency kills”. This essentially means that once you let your guard down and get comfortable, that’s when you’re at your most vulnerable. When you’re vulnerable, that’s when things can go sideways real quick. I think it is important Continue Reading
May 2021 – Schmidt Happens – InfoSec Blog
Update (2/1/2022): I’ve made some small updates and changes to this article since originally posting. 1) Updated CPEH > PNPT. 2) Expanded on realism of exam vs. actual penetration tests. 3) Updated the bottom line. 4) Updated cert badge and certificate at bottom. Quick Facts: Practical exam, no multiple choice Continue Reading
CVE-2020-28408 & CVE-2020-28409 – Multiple Persistent XSS Discovered in Dundas BI Server – Schmidt Happens – InfoSec Blog
Content here will be expanded upon later; for now this serves as a quick description and write-up. Overview: Dundas BI server has two stable release versions available for download for customers, Version 7.0.2.1009 and Version 8.0.0.1001. Both product versions contain persistent cross-site scripting (XSS) vulnerabilities in the same location. Continue Reading
Achievement – Schmidt Happens – InfoSec Blog
Update (2/1/2022): I’ve made some small updates and changes to this article since originally posting. 1) Updated CPEH > PNPT. 2) Expanded on realism of exam vs. actual penetration tests. 3) Updated the bottom line. 4) Updated cert badge and certificate at bottom. Quick Facts: Practical exam, no multiple choice Continue Reading
(External Blog Post) XMPie, a Xerox Company, UStore Vulnerabilities Discovered – Schmidt Happens – InfoSec Blog
Recently during an External Penetration Test, a colleague of mine (Matthew Hier) and I came across some vulnerabilities on a commercial-off-the-shelf (COTS) eCommerce platform called XMPie uStore. The following blog post talks about what we discovered, our recommended remediation, and how we reached out to the Vendor and got ghosted Continue Reading
May 4, 2021 – Schmidt Happens – InfoSec Blog
Update (2/1/2022): I’ve made some small updates and changes to this article since originally posting. 1) Updated CPEH > PNPT. 2) Expanded on realism of exam vs. actual penetration tests. 3) Updated the bottom line. 4) Updated cert badge and certificate at bottom. Quick Facts: Practical exam, no multiple choice Continue Reading