XSS Via XML Value ProcessingXXE is not the only vulnerability that can be introduced to a web application when processing XML files. If the values within strings are…Jan 26, 2021Jan 26, 2021
Application takeover via Password Reset Token TheftWhen adding a “Password Reset” function to your application you should ensure it has same security considerations as any other critical…Jan 18, 2021Jan 18, 2021
The Importance of ReconWhen beginning any security assessment, whether it be a penetration test, bug bounty or a red team engagement, it is vitally important to…Jun 9, 2020Jun 9, 2020
OSCP (non-technical) TipsAfter recently completing my OSCP (2nd exam attempt) I wanted to give a few non-technical tips since most guides out there seem to focus…Mar 24, 2020Mar 24, 2020
Using UPX packer to bypass AVNote: This is an older post from my old GitHub pages ‘blog’. Information was correct at the time this was posted in that location, circa…Oct 26, 2018Oct 26, 2018
ImageMagic RCEOvernight @taviso dropped a few vulnerabilities in GhostScript, including one that will cause code execution in ImageMagick.Aug 22, 2018Aug 22, 2018
Sysmon + Splunk AlertingWhen playing for the blue team, there’s a fair chance you’ll need to get some alerting in place to warn you of some potential bad in your…Jun 8, 2018Jun 8, 2018
CVE-2017–17108 — KonaKart Path Traversal“KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high- performance…May 11, 2018May 11, 2018
