Enhancing Web Security Workflows with Burp Suite, MCP Server, and Claude Desktop Integration

Artificial Intelligence (AI) and Large Language Models (LLM's) have been progressing rapidly since they were first introduced to the consumer market in 2022. One of the latest developments in this space is the Model Context Protocol (MCP). The MCP is a framework that helps AI models stay aware of their environment, tools, and tasks. Instead … Continue reading Enhancing Web Security Workflows with Burp Suite, MCP Server, and Claude Desktop Integration →

Passing the OSWP in 2024 – A Review

I recently passed the OSEP exam, as I discussed in my most recent blog post. My employer purchased a Learn One subscription on my behalf, which had the Offensive Security Wireless Professional (OSWP) included in the bundle. With two months left before my Learn One subscription ended, I decided to give the OSWP exam a … Continue reading Passing the OSWP in 2024 – A Review →

Passing the OSEP in 2024 – A Review

After about 10 months of study, I passed the OSEP exam last weekend. This has been something I have wanted to do for a few years now, but haven't felt like I was in a position to consistently dedicate time to it until the middle of last year. I was provided access to the Learn … Continue reading Passing the OSEP in 2024 – A Review →

Leveraging Artificial Intelligence and Automation for Enhanced Capability in Cybersecurity

I've recently been interested in Artificial Intelligence technologies and how they could be used to improve the cybersecurity capabilities for both individuals and organizations. This prompted me to build PhishText.Ai, which I showcased in my previous blog post. I wanted to expand on this topic and write down some broader thoughts I've had, while brainstorming … Continue reading Leveraging Artificial Intelligence and Automation for Enhanced Capability in Cybersecurity →

Exploring The Integration of Artificial Intelligence and Cybersecurity with PhishText.Ai

It's no secret that Artificial Intelligence and Large Language Models are dominating the technology industry in 2023. After years of speculation and predictions, ChatGPT burst onto the scene in November last year and quickly became an overnight sensation. This explosion in AI adoption and the seemingly endless possibilities inspired me to start building programs that … Continue reading Exploring The Integration of Artificial Intelligence and Cybersecurity with PhishText.Ai →

Burp Suite Certified Practitioner (BSCP) Review and Tips

Over the past few months, I've been honing my web application testing skills by studying Portswigger Labs and Academy content. Recently, I decided to pursue Portswigger's relatively new Burp Suite Certified Practitioner (BSCP) certification. Although Portswigger and Burp Suite have long been staples of the web application testing industry, the certification exam was only launched … Continue reading Burp Suite Certified Practitioner (BSCP) Review and Tips →

Preparing for and Delivering My First Conference Talks

In July last year, I took a big step outside of my comfort zone and delivered two talks at local New Zealand cyber security conferences. These talks were a big highlight of my 2022, and I haven’t had the chance to fully reflect on my experience preparing for and delivering the talks. While we're still … Continue reading Preparing for and Delivering My First Conference Talks →

Finding and Disclosing My First CVE’s

CVE’s, short for Common Vulnerabilities and Exposures, are a reference model for publicly known security vulnerabilities. Whenever a vulnerability is identified and disclosed, a new CVE can be requested and issued to document this vulnerability. Over time, as countless vulnerabilities have been discovered and documented, CVE’s have become the de facto method to classify vulnerabilities … Continue reading Finding and Disclosing My First CVE’s →

How I Passed the CISSP Exam in 6 Weeks

Around the middle of January, I decided to commit to studying for the Certified Information Systems Security Professional (CISSP) exam. The CISSP was something that had sat on my list of goals for at least the last few years, and I finally made the call to dedicate the required time and effort into passing this … Continue reading How I Passed the CISSP Exam in 6 Weeks →

Pivoting Through Internal Networks with Sshuttle and Ligolo-ng

"Pivoting" is the method used to navigate throughout a network, by using a compromised "foothold" host to gain access to other internal networks and network components that otherwise wouldn't have been accessible directly. In most networks, there will be various network segments that will contain different servers or devices of interest. It is therefore an … Continue reading Pivoting Through Internal Networks with Sshuttle and Ligolo-ng →