Free Steamed Eggs with a Side of XSS
12 November 2023
Short story of a misadventure at a Korean Barbecue restaurant which led to the discovery of a Cross-Site Scripting vulnerability.
Offensive Security Rants & Threat Actor Roleplay
21 October 2023
Leveraging Google AMP to exploit an Open Redirection vulnerability that had an allowlist configured. Aka, leverage Google AMP or similarly configured services for fun and profit during testing.
25 August 2023
Can't crack an NTLMv2 to plaintext during an engagement? Have you tried Hashcat's 27100 mode?
19 February 2023
That time I (hacked) obtained a root shell on a $60,000 lighting console while waiting for Beartooth to go on stage and ended up getting a CVE out of it.
03 June 2022
An informative blog post detailing my first time setting up, configuring, and leveraging Mythic C2 to obtain multiple shells on both a Windows and Linux host as well as some basic post-exploitation activities.
10 May 2022
Securing infrastructure (almost) automagically with CrowdSec. Learn how to set up CrowdSec, configure Bouncers, and view logs/alerts. Also, in typical offensive security fashion, we're going to be the ones performing attacks against the CrowdSec installation.