When adding a “Password Reset” function to your application you should ensure it has the same security considerations as any other critical function within the application. Attackers often spend extra time trying to break these mechanisms to gain some sort of unauthorised access.

There are some key considerations that must take…

When beginning any security assessment, whether it be a penetration test, bug bounty or a red team engagement, it is vitally important to perform as much recon as time will allow to ensure you discover any potential points of weakness that can be exploited which will allow you to complete…

After recently completing my OSCP (2nd exam attempt) I wanted to give a few non-technical tips since most guides out there seem to focus mostly on the technical side.

The approach I took for the second attempt differed a lot from the first, especially from a non-technical point of view…

Note: This is an older post from my old GitHub pages ‘blog’. Information was correct at the time this was posted in that location, circa mid-2017.

The Signature Problem

Traditionally, AV has always been about signatures. Malware is released, AV companies reverse it, signatures are created and released, AV now…

When playing for the blue team, there’s a fair chance you’ll need to get some alerting in place to warn you of some potential bad in your network. The following searches were written with Splunk + sysmon, but they should be portable to most SIEM solutions. …

Numb Shiva

itsec guy. sometimes i internet. oscp/penetration testing/red team.
