20 Tips for Certification Success

June 2, 2020
Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by...

Automating a RedELK Deployment Using Ansible

May 28, 2020
As the red team infrastructure needs continue to expand (and grow more complicated), so does the need for infrastructure automation. Red teams are adopting DevOps to improve the speed at which their infrastructure is deployed, hence the rise in usage of tools such as Terraform and Ansible for red teams. In this post, we will...

Introducing Proxy Helper – A New WiFi Pineapple Module

May 26, 2020
I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application...

A Beginner’s Guide to Staying Safe/Anonymous Online

May 21, 2020
What is OSINT? It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can...

Practical OAuth Abuse for Offensive Operations – Part 1

May 13, 2020
Background: OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to...

Developing with VBA for Script Kiddies

May 7, 2020
Introduction: Now that I can read these macros and code snippets on stackexchange, how do I really make use of VBA? There must be more than meets the eye. How can I transform this BASIC code into something to pwn the world? I want to develop something! After learning the reason we should be looking...