-
Basic Pentesting – 2 Walkthrough | Vulnhub
Another walkthrough in the Basic Pentesting series, this time for Basic Pentesting: 2, a Vulnhub machine made by Josiah Pierce. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. For more details or to download the machine, go here. If you've solved Basic Pentesting: 1, then this machine is good for the next step and a challenging one…
-
Basic Pentesting – 1 Walkthrough | Vulnhub
This walkthrough covers Basic Pentesting: 1, a Vulnhub machine created by Josiah Pierce. It contains multiple remote vulnerabilities and several privilege escalation vectors. For more details or to download the machine, visit the official Vulnhub page. After setting up the machine, I started by scanning the entire network using Nmap with a ping scan to…
-
Advanced web application fingerprinting with favicon hashes
In this blog, I cover leveraging favicons to fingerprint the technology that powers any given web application. Favicons can help group similar applications together, as well as pinpoint the technical stack behind the application.
-
Exploiting CI / CD Pipelines for fun and profit
In today’s world of fast-paced development and continuous integration, security vulnerabilities can be easy to overlook. Recently, I discovered a severe exploit chain, starting from a publicly exposed .git directory, which led to a full server takeover. This blog will walk through the chain of events, outlining how each weak point compounded the issue.