Pinned | The Holistic Approach to Penetration Testing: Strengthening Your Client’s Cybersecurity Posture | Pentest and offensive security has been recognized as an essential addition for assessing an organization’s vulnerabilities and security… | Nov 8, 2023
Pinned | Published in InfoSec Write-ups | Multiple CVEs affecting Pydio Cells 4.2.0 | Greetings hackers; just quickly wanted to share an advisory write-up that my team discovered in Pydio Cells 4.2.0. These have been… | May 30, 2023
Pinned | Published in System Weakness | I asked 10 Hackers Their Favourite Ways to Break into Organizations | Hello all, I come bearing gifts once more. To all cybersecurity professionals (especially those at Management and C-level) — I asked my… | Nov 29, 2022
Pinned | The 6 UGLY TRUTHS about Security Certifications | Here we are again, with yet another (possibly) controversial topic. This time is about security certifications. Regardless if you are in… | May 6, 2022
Tool Spotlight — Unveiling the Power of WebCopilot: An Automation Tool for Web App Recon | Amidst this digital skirmish, reconnaissance plays a pivotal role, offering the initial glimpse into a target. WebCopilot, an ingenious… | Mar 23, 2024
Payload Storage in Malware Development: Code Section | In the complex world of malware development, one crucial aspect that often stumps even seasoned cybersecurity professionals is the optimal… | Jan 12, 2024
Hunting 0days for a better world | How finding CVE will protect your communities. | Aug 13, 2023
Published in System Weakness | Bypassing image file upload restrictions [SUPER EASY] | Hi people, it’s me and I’m back with more stuff that I learned in a recent engagement. I was tasked with testing a client’s web application… | May 1, 2023
Published in System Weakness | Cyrillic character for phishing domains | Hi everyone, it has been awhile since my last post. I’m here to bring you something that you may have heard (or not) in the past —… | Apr 11, 2023
City of Oakland data is leaked! PLAY Ransomware | Your daily FLASH NEWS on Cyber Security: | Mar 9, 2023
I asked 11 hackers how they felt when they compromised their first Domain Admin. | Hi everyone, it has been awhile since I had last deliver to you some interesting content. This time, I have one question I asked my fellow… | Mar 7, 2023
A new stream of Cybersecurity : design and visualization | You don’t need to be a technical guru to contribute to the cybersecurity field, on this post we get to hear a story of a co-worker, a… | Feb 9, 2023
Published in System Weakness | If you’re a penetration tester, DO THIS NOW! | Hi all this is something that I hope can resonate with everyone. Developing tools as a penetration tester will deepen your understanding… | Jan 6, 2023
Published in System Weakness | Grouping your penetration testing artifacts [the art of organized testing] | Storing testing artifacts and screenshots is important for several reasons. Firstly, it allows for the documentation and analysis of the… | Dec 20, 2022
Beginner’s guide to Cybersecurity Governance, Risk and Compliance | Hi folks, this post is quite different because this isn’t written by me. I had mostly talk about “hacking” stuff, but cybersecurity is not… | Nov 12, 2022
Published in System Weakness | Malware development pt. 3 — EXE vs DLL files | Before we create our first Portable Executable (PE), we need to understand the two types which are DLL (Dynamic Link Library) and EXE… | Nov 11, 2022
Malware Development pt. 2 — Understanding Different PE Sections | As a continuation to my study, this note goes a little bit deeper into the different portion of “Sections” of a Portable Executable (PE)… | Nov 7, 2022
Malware development pt. 1 — What is a Portable Executable | This is the beginning of my blog documenting my journey in learning about malware development. As one would say — the best way to learn is… | Nov 2, 2022
How to: Breaching Cardholder Data in 50 hours | Ever wondered how one can breach an organization’s network? In this article I talk about the steps I took to compromise a CDE environment. | Aug 22, 2022
HOW I HACKED A HEALTH INSTITUTION [Domain Admin Compromise] | Hello everyone, today I will be bringing you a new war-story of mine that had just wrapped up in the recent months. At a high level, I was… | Jun 30, 2022