Published inInfoSec Write-upsUsing tmux for automating interactive reverse shellsAutomating the process of converting a non-interactive reverse shell to a fully interactive TTY.Jul 2, 20211Jul 2, 20211
White Box Penetration Testing: “Cheating” in order to boost impact and valueAlmost every professional pentester is always thrilled when a black box pentesting comes along, however it’s probably in white box that…Feb 5, 2021Feb 5, 2021
Published inInfoSec Write-upsThis is how you can deliver true value through your pentest reportsThere are only two things your client wants: how their business can be affected by impactful exploitation of a vulnerability and how they…Jan 12, 20211Jan 12, 20211
Learning from your mistakes as an offensive security professionalA team methodology for extracting the best lessons out of your worst failures.Dec 28, 2020Dec 28, 2020
Published inInfoSec Write-upsHandling Short Expiring Time of Authorization TokensHow not to waste precious time when testing a web applications or API’s with Burp SuiteDec 22, 2020Dec 22, 2020
A matchbox machine that learnsToday I’m going to write about a very cool thing that I learned a few months ago: how to build (and code) a matchbox machine that can…Mar 29, 2020Mar 29, 2020
Published inInfoSec Write-upsMobile phone number verification bypassIn this post I’ll show how I bypassed the phone number verification process in a website. I’m also going to explain why this was possible…Mar 29, 20201Mar 29, 20201