Home

The purpose of this blog is to create content relating to offensive security. This includes topics or concepts that I am working on or learning about as well as vulnerable system walkthroughs (HackTheBox, CyberSecLabs, TryHackMe). Additionally, I will post current events and vulnerabilities as they are released. My hope is to be able to add my perspective and contribute to the cybersecurity community.

Latest from the Blog

HiveNightmare (CVE-2021-36934)

Summary HiveNightmare AKA SeriousSAM AKA CVE-2021-36934 is a Microsoft Windows vulnerability which affects Windows 10 and 11 starting with Windows 10 version 1809. This vulnerability allows for an attacker that has local access to any low level (non-administrator) account to perform a privilege escalation attack in order to elevate their privileges or harvest credentials and…

July 23, 2021

LFI to RCE

I’ve been reading up on this as I prepare for my OSCP certification – there is no shortage of different attack vectors and chaining of exploits when it comes to getting ready. One of these is Local File Inclusion (LFI). Please note that this can apply to different platforms but for this blog post, we…

April 28, 2021April 28, 2021

SQL Authentication Bypass

No credentials? No problem! …well, maybe. If a web application is vulnerable to SQL injection (SQLi), you may be able to bypass authentication. A typical SQL query is like the following: SELECT * FROM table WHERE username = ‘bob’ AND password = ‘Str0ngP@ssw0rd!’; Usually you can start to test for the existence of this vulnerability…

March 22, 2021April 28, 2021

If you like my content and feel it adds value, please consider contributing:

$BTC: bc1q0723kp60wty86ycmf3tcr32luulpc44saulxq2
$XRP: r3Xrc9XmL2azspKqLAzma1hEAV67oxzsmn
$VET: 0x0723E77879D57Fcbf1A70a51578C334F7b3d9f77