Pentest War Stories-ish
🍃Quote of the week: Always look for ways to chain bugs to increase the impact - one crit is cooler than two mediums.
There is more to Burp Suite than meets the eye...
🍃Quote of the week: Java sucks! ~ Tim Tomes
What To Expect 🫡
🤯There’s a lot more to Burp Suite than meets the eye - Tim Tomes’s PBAT course
💻Build vulnerable labs, you’ll get better at hacking
📈How to get better at hacking - get out of your comfort zone
Burp Suite is amazing🤯
I recently took the PBAT training by Tim Tomes (author of Recon-ng, Py-scripter, and HoneyBadger v2) as part of the training provided at the NorthSec conference, and as soon as we started I realized how much I did not know about Burp Suite.
The Quickest Route To Domain Admin?
🍃Quote of the week: Getting domain admin is exciting, but it is just the beginning ~ Nikhil Mittal
The Dangers of Over-Permissive CORS
🍃Quote of the week: In the world of security, there is no feature that is misunderstood more than CORS. It’s a tool designed to allow developers to work more freely, yet, without proper implementation, it becomes a gaping hole in our web application’s defense ~ Troy Hunt
Security frameworks and compliance stuff are for old heads, right?
🍃Quote of the week: Being compliant does not automatically equate to being fully secure ~ ChatGPT I think
You get a CVE, he gets a CVE, you all get CVEs
🍃Quote of the week: Job security = being very good at your job and being valuable and wanted everywhere. Have that group of peers who can give you a job tomorrow. That is real job security
SQLi is still a thing?
🍃Quote of the week: SQL injection is one of the least sophisticated yet most dangerous threats to web application security ~ Kevin Mitnick