So it's been right about 5 months since I wrote my last blog and things have been wild. I ended up having to push back my OSCP due to some medical issues and a prolonged hospital stay, but because I was determined to give it a shot, I still took the test while I was … Continue reading A Long Time Ago… (OSCP lessons learned)
File Upload Attacks- PHP Reverse Shell
So I've been crazy busy, taking the OSCP in 1 week! But I've been working on a lot of stuff, and one of them has been file upload attack vectors. This will eventually be incorporated into a wiki that I'll be working on, but I figured I'd get up a blog post in the meantime … Continue reading File Upload Attacks- PHP Reverse Shell
OSCP- 4 Weaks In
Well, these first 4 weeks of study have not gotten off to a great start. Poison sumac, getting bounced between doctors for sleep and digestive issues, unforeseen personal issues that have drained me emotionally, mentally, physically and took a good chunk of my time, have all put me behind the 8 ball with where I'd … Continue reading OSCP- 4 Weaks In
OSCP Prep- 2 Weeks In
So it's been just about 2 weeks since I registered for my training for the OSCP. My training won't start until July 13th, but in preparation for that training, I've decided to do some pre-training to get myself ready. The preparation phase so far: PentesterLab (https://pentesterlab.com/)- Paid subscription OverTheWire WarGames (http://overthewire.org/wargames/)- Free CTF like challenges … Continue reading OSCP Prep- 2 Weeks In
I just got this symphony goin….
So it's been a long while since I've touched this blog and I'd like to make an effort to actually start putting some more content in here. To start with, check out the slides from my recent talk at RVASec 2019: These Aren't the Scans You're Looking For- A look at 'Automated Pentesting' The slides … Continue reading I just got this symphony goin….
Bypassing Siebel Authentication
Note: This vulnerability was disclosed to Oracle initially in early September 2016 and followed up on subsequently. My last communication with Oracle regarding this matter was on November 30th, 2016. Here is the discussion (with sensitive information removed): Oracle: "We have identified an existing patch to fix the issue" Me: "Thank you for the update. Do … Continue reading Bypassing Siebel Authentication
This is a blog about Infosec
So I've decided to start a blog. I can't promise it will be interesting or updated that often. But what I can promise is that it will be a blog.
You must be logged in to post a comment.