thomfre.dev@home:~$

Yet another development, infosec and offensive security blog

    Phishing for Slack-tokens

    04 Feb 2021
    Slack (and other Electron apps) often use cookies to store session/access tokens. Perhaps we can extract and use these tokens for phishing awareness training?

    Creating fake alerts in phishing emails

    06 Nov 2020
    Use CSS and HTML to hide and replace administrator injected alerts in Office 365

    My OSWE experience

    17 Jul 2020
    I’ve had my eyes in the AWAE course for several months, and initially thought it would be too difficult for me to do this year. But then I just decided to give it a try! Note: This blog post is very low quality compared to the one I wrote about...

    My eLearnSecurity Web Application Pentester experience

    11 May 2020
    This blog post is a review/summary of my experience with the eLearnSecurity Web Application Pentester training path. eLearnSecurity has this to say about this training path: The Web Application Pentester path is the most advanced and hands-on training path on web application penetration testing in the market. This training path...

    My OSWP experience

    23 Mar 2020
    After I started looking at OSCP, I also noticed OSWP - which seemed like a much shorter, and simpler, course. I knew it was old, but it was still interesting enough that I wanted to give it a go. My advice Pre-WiFu advice Make sure to purchase the correct equipment....

    My OSCP experience

    06 Mar 2020
    I hadn’t even heard about OSCP until I noticed that a colleague had taken it early in 2019. So I decided that I want to do the same. Fast forward to November 2019, and I decided it was time to do it. So I did. I want to share a...

    Using VS Code for note taking

    28 Feb 2020
    During my PWK (Penetration Testing with Kali Linux) course and lab time, I used VS Code extensively to write my own research notes. I used Joplin for enumeration and attack notes. VS Code combined with Markdown and git (and GitHub, Gitlab etc) make up a very powerful note tool. Below...