-
OSCP: Try harder and try smarter!
Hello world! I’ve recently passed the OSCP. In this post I’ll try to share the learning material which helped me pass. Most of these things are not mentioned in the syllabus but turned out to be essential. I collected many bookmarks while preparing for the OSCP but to be honest...
-
Infrastructure as Code: Deploy Jitsi Meet to AWS
Hello world! Since the global COVID-19 pandemic started, many businesses are now relying on video conference software like Zoom. In my humble opinion, open-source alternatives like Jitsi Meet are not getting enough attention. So today we are going to set up a Jitsi Meet Server on AWS. If you’ve got no...
-
Pentesting: Local file inclusion to remote code execution on Hackazon
Hello World! Getting remote code execution is one of the most fatal vulnerabilities which can be present in an application. Today we are escalating a local file inclusion vulnerability to remote code execution on the Hackazon application. Hackazon is a vulnerable application from Rapid7 and the source code is public...
-
Infrastructure as Code: Setting up a web application penetration testing laboratory
Hello World! Having a laboratory is necessary to sharpen your skills and deep dive into new vulnerabilities as a pentester. Today we are going to build a beginner-friendly lab in the Amazon cloud using Terraform. But first what is Infrastructure as Code and Terraform? Infrastructure as Code is a principle...
-
Setting up a Jekyll development environment with Docker
Hello World! Today we will set up our development environment for a Jekyll blog. I started to set this up the old-fashioned way by installing all dependencies on my local Windows box. Every time I tried to build, Jekyll threw a lot of "gem not found" errors and I started...