Categories
web assessments

Need ATutor for AWAE?

I was fortunate enough to go through Offensive Security’s Advanced Web Attacks and Exploitation course. However, since my lab time was limited, I found myself somewhat rushing through some of the modules to ensure I had enough time to work through the entire course materials provided. Now that my lab time is over, and with […]

Chaining Web Vulnerabilities FTW w/RCE

I’ve recently enrolled in Offensive Security’s Advanced Web Attacks and Exploitation (AWAE) course. One of the biggest takeaways that I’ve experienced so far is that when finding various vulnerabilities, some may not be as significant as a SQLi or RCE, but, if possible, these "less impactful" vulnerabilities can be chained together to form a more […]

Slacking off with sqlmap

When working through web assessments, it becomes apparent real quick that automating some of your scans/setup can be a solid strategy. One efficient way of being notified of different results from your scans is through the use of Slack’s webhooks. This post was inspired by Kamil Vavra’s post found here, and recounts how these webhooks […]