In July last year, I took a big step outside of my comfort zone and delivered two talks at local New Zealand cyber security conferences. These talks were a big highlight of my 2022, and I haven’t had the chance to fully reflect on my experience preparing for and delivering the talks. While we're still … Continue reading Preparing for and Delivering My First Conference Talks
Blog
Finding and Disclosing My First CVE’s
CVE’s, short for Common Vulnerabilities and Exposures, are a reference model for publicly known security vulnerabilities. Whenever a vulnerability is identified and disclosed, a new CVE can be requested and issued to document this vulnerability. Over time, as countless vulnerabilities have been discovered and documented, CVE’s have become the de facto method to classify vulnerabilities … Continue reading Finding and Disclosing My First CVE’s
How I Passed the CISSP Exam in 6 Weeks
Around the middle of January, I decided to commit to studying for the Certified Information Systems Security Professional (CISSP) exam. The CISSP was something that had sat on my list of goals for at least the last few years, and I finally made the call to dedicate the required time and effort into passing this … Continue reading How I Passed the CISSP Exam in 6 Weeks
Pivoting Through Internal Networks with Sshuttle and Ligolo-ng
"Pivoting" is the method used to navigate throughout a network, by using a compromised "foothold" host to gain access to other internal networks and network components that otherwise wouldn't have been accessible directly. In most networks, there will be various network segments that will contain different servers or devices of interest. It is therefore an … Continue reading Pivoting Through Internal Networks with Sshuttle and Ligolo-ng
CVE-2021-40444 PoC Demonstration
Introduction This week, a new zero-day vulnerability was disclosed affecting Microsoft Office applications. CVE-2021-40444 made waves throughout the cybersecurity industry for its ability to perform remote code execution on Windows operating systems with minimal interaction from the user. By simply opening a specially crafted Microsoft Office document, remote code execution could be obtained. Within a … Continue reading CVE-2021-40444 PoC Demonstration
Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability
Intro Last Sunday, on a particularly lazy afternoon, I came across a Tweet that caught my attention. It was a demonstration of a local privilege escalation vulnerability that is possible when plugging in a Razer device to any Windows machine. The TL;DR of this vulnerability is that Windows identifies the drivers and software required for … Continue reading Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability
eLearnSecurity Web Application Penetration Tester (eWPT) Review
I finished the Web Application Penetration Tester course from eLearnSecurity a couple months ago. This was a long time coming, and I had delayed studying for this course for quite some time but finally got around to finishing it off before I completely forgot about it’s existence. I haven’t posted a course review in a … Continue reading eLearnSecurity Web Application Penetration Tester (eWPT) Review
Mid Year Update
It’s been almost half a year since I last updated this blog and quite a lot has changed since my last post. For starters, Offensive Security finally updated their OSCP course with new materials and lab machines. The exam remains the same though as far as I’m aware, and based on what I’ve seen of … Continue reading Mid Year Update
My InfoSec 2019 Year in Review
I apologize for not posting for a couple of months now, I've been extremely busy with some more life stuff (some of which is detailed below). Probably the biggest news since I passed the OSCP is that I officially started a new job working as a penetration tester! There is a lot to talk about … Continue reading My InfoSec 2019 Year in Review
How To Pass the OSCP – a Beginner Friendly Guide
I wanted to make this post detailing everything I did when studying for the OSCP examination. I made a lot of mistakes along the way, and my path was far from the most efficient or effective method for studying toward the OSCP. Nevertheless, I did learn something from every resource listed here and I strongly … Continue reading How To Pass the OSCP – a Beginner Friendly Guide
KentoSec 