I wanted to add a bit of a personal flair to the site. One of my hobbies is reading and listening to audiobooks so I figured I’d throw down mini-reviews of each book I read throughout the year and leave them here. This is mostly an exercise for me to…
Author: admin
LayerOne 2018 CTF – Forensics Challenges
LayerOne is an information security conference in LA which hosts one of the more enjoyable CTFs that I’ve participated in. This is the third in a series of a few posts I am writing which goes over the solution of some of the CTF challenges. This post covers some forensics…
LayerOne 2018 CTF – Web Category
LayerOne is an information security conference in LA which hosts one of the more enjoyable CTFs that I’ve participated in. This is the third in a series of a few posts I am writing which goes over the solution of some of the CTF challenges. This post covers Web challenges.…
LayerOne 2018 CTF – Cyber Kill Chain Category
LayerOne is an information security conference in LA which hosts one of the more enjoyable CTFs that I participate in. This is the second in a series of a few posts I am writing which goes over the solution of some of the CTF challenges. These challenges emphasize the importance…
LayerOne 2018 CTF – Blockchain Challenge Category
LayerOne is an information security conference in LA which hosts one of the more enjoyable CTFs that I participate in. This is the first in a series of a few posts I am writing which goes over the solution of some of the CTF challenges. The Challenges This first write-up…
Phish Yourself! – A practical guide to running an internal phishing campaign.
Social engineering, in particular through the medium of email, is very likely the greatest threat to an average organization. While 0-days do come around and pose real threats to organizations and many of them do not implement strong patch management programs, phishing is simply easier and more effective for the…
Recon Part 4 – theHarvester and Recon-ng
TheHarvester I’m going to present this tool in two ways to show simultaneously how cool this utility is and the slightly less impressive way it is actually done: What appears to happen: Type in a username, receive a list of sites that user exists as a member. Type in a…
Battalion – Automating Recon
Introducing Battalion Over the past 2.5 months a friend – @eidolonpg – and I have been working on a tool which was spawned from the previous articles written here. If you’ve read the past few posts, which have been about ‘Reconnaissance’ and, lately, chaining various recon tools together, you’ll understand how this…
Recon Part 3.5 – HaveIBeenPwned?
This is a quick write-up on the amazing HaveIBeenPwned Database maintained by Troy Hunt. https://haveibeenpwned.com. If you haven’t seen it, check it out! I recently discovered there is a public API to query the breach databases and decided I wanted to notify employees at my company if their account was involved…
Recon Part 3 – Gobuster and EyeWitness
Gobuster TheColonial wrote a really cool tool called Gobuster which is similar to fierce but programmed in Go. I wanted to include it here because I tend to have better performance using this tool than fierce, by a LOT. Gobuster can be found on GitHub here. There are a few issues to…