Previously I talked about enumeration being the most important stage of any penetration test. Building on this, my opinion is that the next most important stage of a penetration test is post exploitation. Simply running an exploit and gaining access or a shell on a system can be valuable, but finding out what you can do … Continue reading OSCP Prep – Episode 10: Exploits (Part 2) →

This week, I decided to take a small detour and study web application testing before continuing to post exploitation techniques. Like any software, web applications may have a range of vulnerabilities when secure coding methods are not followed. Vulnerabilities in web applications are most commonly associated with improper input handling, allowing attackers to inject malicious … Continue reading OSCP Prep – Episode 9: Web App Attacks →

This was a fun chapter to study, learning about password and the methods that can be used to crack them. Although the awareness regarding the need for password strength appears to be increasing, there are still an overwhelming number of cases where weak passwords are used, or even a general lack of password policy in … Continue reading OSCP Prep – Episode 8: Password Cracking →

Finally, after studying a range of theoretical concepts and collecting even more information, I began to exploit my virtual machines. Some of the exploits are complicated whilst some are as simple of abusing default configuration passwords, but all exploits are dangerous in the wrong hands. This section about running the exploits almost exclusively uses vulnerabilities … Continue reading OSCP Prep – Episode 7: Exploits (Part 1) →