River Security Xmas Challenge 2021

For December 2021 River Security hosted a Christmas CTF. This is my writeup for the challenge.

December 27, 2021 · 20 min

My Burp Suite Certified Practitioner experience

This blog post is a review/summary of my experience with the Burp Suite Certified Practitioner exam. All of the information on this page is publicly available on the PortSwigger website. This review/summary does not contain any spoilers. PortSwigger has this to say about this training path: By becoming a Burp Suite Certified Practitioner, you will be able to demonstrate your web security testing knowledge and Burp Suite skills to the world....

December 20, 2021 · 7 min

Phishing for Slack-tokens

Slack (and other Electron apps) often use cookies to store session/access tokens. Perhaps we can extract and use these tokens for phishing awareness training?

February 4, 2021 · 6 min

Creating fake alerts in phishing emails

Use CSS and HTML to hide and replace administrator-injected alerts in Office 365

November 6, 2020 · 3 min

My OSWE experience

I’ve had my eyes on the AWAE course for several months, and initially thought it would be too difficult for me to do this year. But then I just decided to give it a try! Note: This blog post is very low quality compared to the one I wrote about My OSCP experience, I encourage you to go read An experience leading up to Offensive Security Web Expert by loca1gh0s7, which was my inspiration for starting on this journey....

July 17, 2020 · 4 min

My eLearnSecurity Web Application Pentester experience

This blog post is a review/summary of my experience with the eLearnSecurity Web Application Pentester training path. eLearnSecurity has this to say about this training path: The Web Application Pentester path is the most advanced and hands-on training path on web application penetration testing in the market. This training path starts by teaching you the fundamentals of networking and penetration testing, then proceeds to providing you with the established web application penetration testing methodology and the latest web attacks, and ultimately showcases how to execute more advanced and complicated attacks, by heavily manipulating web application components....

May 11, 2020 · 12 min

My OSWP experience

After I started looking at OSCP, I also noticed OSWP - which seemed like a much shorter, and simpler, course. I knew it was old, but it was still interesting enough that I wanted to give it a go. My advice. Pre-WiFu advice: Make sure to purchase the correct equipment. I recommend sticking to the recommended hardware (see what I used further down). WiFu advice: Read all of the PDF, even the highly technical boring stuff; take notes (I recommend Markdown in VS Code); do the exercises and write down your steps (good training for the exam report, and nice to have later); use the latest Kali, or whatever Linux distro you prefer (no need to use the provided image). Exam advice: Schedule your exam a couple days in advance; schedule the exam for a time slot that best fits you; use the provided report template; keep it simple; take notes and screenshots. My background: I’ve been a hobby coder since I was 10, and a professional developer for a long time, so I know my way around a computer....

March 23, 2020 · 4 min

My OSCP experience

I hadn’t even heard about OSCP until I noticed that a colleague had taken it early in 2019. So I decided that I want to do the same. Fast forward to November 2019, and I decided it was time to do it. So I did. I want to share a bit about my experience (sorry, no spoilers), and my advice on how to succeed. My advice: Unless you’re already working as a penetration tester, this should be about learning....

March 6, 2020 · 9 min

Using VS Code for note taking

During my PWK (Penetration Testing with Kali Linux) course and lab time, I used VS Code extensively to write my own research notes. I used Joplin for enumeration and attack notes. VS Code combined with Markdown and git (and GitHub, GitLab, etc.) make up a very powerful note tool. Below you’ll see a list of all the extensions I’ve added, which make working with Markdown in VS Code even easier....

February 28, 2020 · 2 min