I’m asked this question often, and in this piece, I’m going to answer it. What is Cybersecurity? First, let’s start with what cybersecurity is. To put it as simply as I can, cybersecurity amounts to the collective measures put in place to prevent the unauthorized access and use of networks, data, and devices…

I passed the CompTIA Pentest+ Exam first try, and you will too. If you’re reading this blog, I think it’s safe to assume that you’re familiar with what the Pentest+ certification is — so I won’t got into great detail — but as a refresher, the CompTIA Pentest+ is an…

Host discovery, port scanning, and more… I’ve been completing TryHackMe’s Junior Penetration Tester path; here are some common network reconnaissance tools used by hackers/pentesters and what I’ve learned about them. What is it? Reconnaissance in cybersecurity is the act of gathering information on a target system or network. There are two kinds of…

What is It? SQL stands for Structured Query Language, and it is a language used for querying(requesting information from or inserting information in) databases. SQL Injection is a vulnerability that allows an attacker to make malicious queries to the back end database of a web application. …

I’ve recently completed TryHackMe’s cross-site-scripting room and PortSwigger’s XSS labs and here’s what I’ve learned! This piece assumes you have the OWASP Broken Web Application installed and already have Burp set up as your proxy! What is XSS? XSS stands for cross-site scripting. It is counted among the OWASP top 10 vulnerabilities for…

This piece goes over the basics of Recon-ng and how to use it to facilitate OSINT research! I’ll be covering two modules: google_site_web and the Profiler. This piece assumes you already have Recon-ng installed. (If you are using Kali Linux, then Recon-ng is installed by default.) What is OSINT? OSINT stands for Open…

I’ve completed TryHackMe’s SSRF room and completed PortSwigger’s SSRF labs and here’s what I’ve learned! What is It? SSRF stands for server-side request forgery. This vulnerability allows an attacker to make HTTP requests from the back end server of a web application to resources the server has access to. …

Covering what I’ve learned completing TryHackMe’s file inclusion room in their Junior Penetration Tester learning path and their 6th challenge for the Advent of Cyber 3 Event! Types of File Inclusion There are two types of vulnerabilities I’ll be covering in this piece! The first is Local File Inclusion, for which I’ll be providing…

This assumes that you already have BurpSuite set up as the proxy for your browser! What is CSRF? CSRF stands for cross-site request forgery. It is listed as one of the OWASP top 10 web application security vulnerabilities! CSRF attacks get the user’s browser to perform an unwanted or unintended action on a…