NorthSec 2019 – Into the Great White North

I attended NorthSec in Montreal last week and weekend and had an awesome time.

Continue reading

Leave a Comment

Filed under Security Not Included

IKE Aggressive Mode VPN – ike-scan + ikeforce

As I've seen it on more than a few engagements, I wanted to show attacking IKE aggressive mode VPNs.

Continue reading

Leave a Comment

Filed under Security Not Included

XSS Without Spaces – Finally, an Easier Filter

Back to some web applications, I wanted to share an example of XSS without spaces.

Continue reading

Leave a Comment

Filed under Security Not Included

Intigriti XSS Challenge – Fun with DOM XSS

I just finished the Intigriti XSS challenge, and I wanted to share my write-up for it.

Continue reading

Leave a Comment

Filed under Security Not Included

Setting up a DigitalOcean VPN with strongSwan

In keeping with the VPN theme, here's a quick guide on setting up a DigitalOcean VPN with strongSwan.

Continue reading

Leave a Comment

Filed under Security Not Included

VulnReport Docker Container – DIY Pentest Reporting

I (not so) recently setup a VulnReport Docker container in my lab, and I wanted to share the process.

Continue reading

Leave a Comment

Filed under Security Not Included

Iodine DNS Tunneling – Not Just for Exfiltration!

Continuing with my theme of VPNs, I thought I'd share some Iodine DNS tunneling this week.

Continue reading

Leave a Comment

Filed under Security Not Included

OpenPYN NordVPN – Always on Linux VPN

I recently setup OpenPYN NordVPN in my homelab, and I wanted to share how simple it is.

Continue reading

Leave a Comment

Filed under Security Not Included

Vulnserver LTER EIP Overwrite – A Little Easier This Time

While a simpler exploit, I wanted to share my LTER EIP overwrite as well.

Continue reading

2 Comments

Filed under Security Not Included

Vulnserver LTER SEH Continued (Part 2)

This post will conclude my Vulnserver LTER SEH exploit.

Continue reading

6 Comments

Filed under Security Not Included