Hack The Box Walkthrough: Postman
Hello and welcome to my blog which details the path to root on the https://www.hackthebox.eu machine named POSTMAN. As per […]
Blog
How to phish for passwords and bypass 2FA with Evilginx2
Introduction I have always manually setup phishing campaigns. I’d create servers, configure domains, copy web applications, setup TLS certificates and […]
My top 10 penetration testing tools by usage
What is this list? I regularly get asked two questions. The first is “how do you get into penetration testing?” […]
PSD2 and Open Banking Security Assessment
PSD2 and OpenBanking The Payment Service Directive 2 (PSD2) is a EU regulation which came about in January 2018. This […]
Buy Cheap, Buy Twice
Introduction Firstly, lets establish that I am not a sales guy. I’ve been a security consultant for 6 years now […]
Wireless Hacking Cheat Sheet
WPA2 Handshake Capture and Cracking Start monitor mode airmon-ng start wlan0 Start capturing wireless data airodump-ng wlan0mon Start capturing wireless […]
T1110: Credentials Access: Brute Force
Tactic: Credential Access Using the Brute force technique can be a strong method to gain access to an account when […]
T1139: Credentials Access: Bash History
Tactic: Credential Access When using a Linux operating system, this normally means a heavy reliance on a bash command-line rather […]
T1133: Initial Access: External Remote Services
Initial Access, Persistence Organisations will typically require external services to be presented to the internet for various reasons. This could […]
T1078: Initial Access: Valid Accounts
Tactic: Defense Evasion, Persistence, Privilege Escalation, Initial Access Valid Accounts One of the most trivial ways to gain initial access […]