David Valles
How to get started in Industrial Control Systems (ICS) cyber security
Intro
Jun 7, 2020

David Valles
Security Testing of Thick Client Application
I have been recently testing many thick client applications. Colleagues and friends have come to me inquiring what my approach is. In this…
Jul 7, 2019

David Valles
Gaining Shell using Server Side Template Injection (SSTI)
This post is about Server Side Template Injection (SSTI) and a brief walkthrough of how it can be leveraged to get a shell on the server…
Aug 22, 2018

David Valles
CVE-2017-4011 — Reflected XSS found in McAfee Network Data Loss Prevention (NDLP) 9.3.x
In this short post, I am going to write how I found an XSS vulnerability in McAfee NDLP product during a pentest. At the time of login with…
Mar 25, 2018