Articles
A BSCP (Burp Suite Certified Practitioner) review
Thursday 9th March 2023
I finally obtained my first security-related certification, the Burp Suite Certified Practitioner. Here are my thoughts.
Automating Blind SQL Injection
Tuesday 27th September 2022
To bolster my SQL Injection knowledge, I took a break from the usual boxes, brushed up on some PortSwigger labs, and tried to automate the process as a learning exercise.
Scrambled - Hack The Box
Tuesday 12th July 2022
A writeup for the excellent and somewhat challenging box Scrambled. Released in June, this box takes us through exploiting Kerberos Service Accounts and abusing .NET serialization.
Robust - Proving Grounds, Practice
Thursday 15th September 2022
A walkthrough of the Robust box, which was rated by OffSec as easy but certainly wasn't for me. We cover fuzzing, SQL injection, custom headers and a bit more!
Enumerating a Web Server
Thursday 15th September 2022
A run-down of the processes and techniques I use to enumerate a web server, whether it be Apache or IIS. We'll cover the techniques and tools I use to get as much information as possible.
Enumerating, Evading and Exploiting XSS
Tuesday 15th November 2022
A summary of some of the most valuable techniques to break out of JavaScript strings and avoid WAF filters.
Exfiltrated - Proving Grounds, Practice
Tuesday 7th March 2023
A walkthrough of Exfiltrated, on OffSec's Proving Grounds (Practice) labs.