Month: March 2018

GXPN Review – SANS660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking)

Although I passed it last month, I’m just now getting to my GXPN review after a long on-site engagement! Ray DoyleRay Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; …

GXPN Review – SANS660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking) Read More »

sshuttle – Poor Man’s VPN via SSH (Great for Pivoting!)

I’ve recently been using sshuttle again, and I wanted to share how easy it is. Ray DoyleRay Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. …

sshuttle – Poor Man’s VPN via SSH (Great for Pivoting!) Read More »

pfSense DNSBL Whitelisting to Unblock Specific Sites

While I was away, someone asked me about pfSense DNSBL whitelisting, so I wanted to share a tutorial for it. Ray DoyleRay Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all …

pfSense DNSBL Whitelisting to Unblock Specific Sites Read More »

XSS Attack Chain – Reflected XSS -> CSRF -> Stored XSS

I used a great XSS attack chain in an engagement recently, and I wanted to share it. Ray DoyleRay Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done …

XSS Attack Chain – Reflected XSS -> CSRF -> Stored XSS Read More »

Nmap Alarm – For When the Target Won’t Stay Online

While not the most useful tool, I wanted to share the Nmap alarm that I used on a recent engagement. Ray DoyleRay Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all …

Nmap Alarm – For When the Target Won’t Stay Online Read More »