Introduction This week, a new zero-day vulnerability was disclosed affecting Microsoft Office applications. CVE-2021-40444 made waves throughout the cybersecurity industry for its ability to perform remote code execution on Windows operating systems with minimal interaction from the user. By simply opening a specially crafted Microsoft Office document, remote code execution could be obtained. Within a … Continue reading CVE-2021-40444 PoC Demonstration
Blog
Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability
Intro Last Sunday, on a particularly lazy afternoon, I came across a Tweet that caught my attention. It was a demonstration of a local privilege escalation vulnerability that is possible when plugging in a Razer device to any Windows machine. The TL;DR of this vulnerability is that Windows identifies the drivers and software required for … Continue reading Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability
eLearnSecurity Web Application Penetration Tester (eWPT) Review
I finished the Web Application Penetration Tester course from eLearnSecurity a couple months ago. This was a long time coming, and I had delayed studying for this course for quite some time but finally got around to finishing it off before I completely forgot about its existence. I haven’t posted a course review in a … Continue reading eLearnSecurity Web Application Penetration Tester (eWPT) Review
Mid Year Update
It’s been almost half a year since I last updated this blog and quite a lot has changed since my last post. For starters, Offensive Security finally updated their OSCP course with new materials and lab machines. The exam remains the same though as far as I’m aware, and based on what I’ve seen of … Continue reading Mid Year Update
My InfoSec 2019 Year in Review
I apologize for not posting for a couple of months now, I've been extremely busy with some more life stuff (some of which is detailed below). Probably the biggest news since I passed the OSCP is that I officially started a new job working as a penetration tester! There is a lot to talk about … Continue reading My InfoSec 2019 Year in Review
How To Pass the OSCP – a Beginner Friendly Guide
I wanted to make this post detailing everything I did when studying for the OSCP examination. I made a lot of mistakes along the way, and my path was far from the most efficient or effective method for studying toward the OSCP. Nevertheless, I did learn something from every resource listed here and I strongly … Continue reading How To Pass the OSCP – a Beginner Friendly Guide
Passing the OSCP – My Entire Experience
I passed the OSCP. Finally. Here's how. It's been a long time coming, and after almost a year of effort I am thrilled to have finally pushed this over the line. Going from next to no experience to passing the OSCP exam truly is one of my most difficult accomplishments. Here are my general thoughts … Continue reading Passing the OSCP – My Entire Experience
eLearnSecurity Junior Penetration Tester (eJPT) – Course Review
I recently completed the Junior Penetration Tester certification, provided by eLearnSecurity. There are a number of reasons as to why I did this, but the main one is that I felt myself losing motivation. Work and general life have been extremely busy for me lately, and I have struggled to find the time or energy … Continue reading eLearnSecurity Junior Penetration Tester (eJPT) – Course Review
How to Pass the eJPT
Having recently completed the eLearnSecurity Junior Penetration Tester (eJPT) certification, I decided to write this post detailing the commands and techniques I used to pass. The hope is that this resource can be helpful to other students studying for this certification. For my full thoughts on this certification in the form of a review, check out … Continue reading How to Pass the eJPT
HackTheBox Netmon Walkthrough/Guide
The Netmon machine on the HackTheBox platform was retired a few days ago. This machine holds sentimental value to me, as it was the first ever 'active' machine I owned. It's a fairly easy machine once broken down, but there is some thorough enumeration required to gain access to the web application which added a slight … Continue reading HackTheBox Netmon Walkthrough/Guide