New Content!Hello! If you happen to find this page, all content has been moved and will be published to my new site going forward.Mar 11, 2022Mar 11, 2022
Timing-Based Username Enumeration: What’s a fix versus mitigation?For web-based applications, Timing-based Username Enumeration is a great find. For testers it’s low-hanging fruit and a great way to…Jan 7, 2022Jan 7, 2022
Mindset for hacking GraphQL ApplicationsI’ve tried to summarize a lot of information from HackTricks, YouTube, HTB write-ups, disclosed vulnerabilities, and the GraphQL…Nov 23, 2021Nov 23, 2021
Shell Games — A closer look at the behavior of different msfvenom shellsDuring a recent engagement I had the chance to test various payloads against a few different endpoint detection tools. Think of anti-virus…Oct 13, 2021Oct 13, 2021
Leveraging Postman Collections for Offensive Webapp TestingI was recently in an engagement with a web application that was interconnected with about half a dozen services while offering up a few…Aug 13, 2021Aug 13, 2021
How to configure Android Studio with BurpSuiteLet’s say you’ve been assigned some mobile work. You’re a pentester, mobile developer, or just a tinkerer who needs to be able to see…Jun 11, 2021Jun 11, 2021
A week without “why” and how it changed my thinkingTruth be told, and if I’m being a bit candid, I really dislike the word “why”. Now, if you find yourself asking inside your head, “but…Jun 2, 2021Jun 2, 2021
The mental tweak that helped me on my OSCP journeyIn a previous post, I highlighted my overall OSCP experience. The high-level ideas around education, studying, and exam attempts are there…Mar 8, 2021Mar 8, 2021
How to set up(and secure) a Samba media server for Chromecast usage (in 20 minutes or less!)Over the last few months, my primary focus has been hacking. As an attacker, seeing file-sharing systems like Samba, FTP, and NFS get me…Feb 24, 2021Feb 24, 2021
Second Serving of the OSCP -My Exam Experience(s)For the uninitiated, the Offensive Security Certified Professional (OSCP) is an ethical hacking certification that demonstrates a…Feb 22, 2021Feb 22, 2021