Blogs

FireRTC: Call Spoofing

FireRTC is a tool that can be used to spoof any phone number, and dial out to the designated phone number.

Hidden Eye: A Modern Phishing Tool

An easy to use phishing tool that will allow you quickly build and create a phishing engagement in an attempt to capture credentials.

CEH Master, An Honest Review

This post is meant to be an honest review of the CEH Master, if you're unhappy with my review, I'm sorry.

Linux Privilege Escalation: Quick and Dirty

A quick and dirty Linux Privilege Escalation cheat sheet. I have utilized all of these privilege escalation techniques at least once.

The Ultimate OSCP Preparation Guide, 2020

An organized guide to highlight some of the smartest techniques and resources for your OSCP journey.

P1: Critical - Discovering and Foiling a Threat Actor

How Jackson and I managed to land a Critical Vulnerability Bounty - and through persistence, ensure that justice was served.

CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP Plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.

Account Takeover on the Jack Daniel's Tennessee Squire Association Platform

A Business Logic Flaw was discovered in the Jack Daniel's Tennessee Squire Association. It led to the full compromise of a user account, with many other accounts inadvertently exposed.

CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)

Versions of npm private-ip including and prior to 1.0.5 are vulnerable to multiple Server Side Request Forgery (SSRF) bypasses. Implemented Regular Expression (RegEx) within the package fail to account for variations of localhost and other Private IP ranges. An attacker can obfuscate payloads, or utilize ranges outside of the block list to successfully execute SSRF bypass techniques, circumventing restrictions.