May 22, 2022
Certifried & Bloodhound: Active Directory Certificate Services Abuse
CVE-2022-26923, commonly referred to as ‘Certifried’, is doing the rounds, and it really is a nasty vuln. I posted a video on LinkedIn last week, giving a really high-level overview of the risk associated with the vulnerability. …
Penetration Testing, 5 min read

Mar 21, 2022
Active Directory Certificate Services: Domain Dominance
When I’m taking part in a penetration test or red team engagement, I love digging down into the intricacies of Active Directory. Oftentimes, I’ll find misconfigurations which, chained with other vulnerabilities, can lead to a complete takeover of that domain. Recently, I watched a video whereby the wonderful harmj0y (Will Schroeder) and Lee Christensen from SpecterOps presented brand new research surrounding the abuse of Active Directory Certificate Services. It certainly ticked two boxes for me which got me really excited: Active Directory and intricacy. …
Penetration Testing, 5 min read

Jan 13, 2022
PNPT: Practical Network Penetration Tester — Review
I’ve been on a bit of a certification rollercoaster as of late; in the space of three months I’ve taken CRTP, eCPPT and now, the PNPT. I’ve really enjoyed all three for different reasons, and in this post, I’ll be discussing the latter.
Background: PNPT is offered by TCM Security, which…
Penetration Testing, 7 min read

Jan 5, 2022
eCPPT: eLearnSecurity Certified Professional Penetration Tester — Review
I completed my eCPPTv2 exam, originally, on 4th January, and received a reply on 25th January, stating that I had failed. This was unexpected, as I thought I’d compromised the entire environment, and reported on it to a good standard. I was wrong. …
Penetration Testing, 7 min read

Nov 8, 2021
CVE-2021-43633
Stored XSS 😲
On the back of a recent discovery, I felt encouraged to go hunting for some more vulnerabilities in open source software. After some searching, I settled on Messaging Web Application, which is an open-source browser-based messaging application. …
Pentesting, 4 min read

Nov 5, 2021
CVE-2021-40290
In this blog post, I’ll share the recent vulnerability I found in a CMS, how I found it and a POC exploit. I should stress before we get into the nitty-gritty, this is my first CVE. It’s not super technical, it’s not going to turn any heads, but seeing as…
Hacking, 4 min read

Nov 3, 2021
CRTP — Certified Red Team Professional Review
Note that the Certified Red Team Professional (CRTP) course and labs are offered by Altered Security who are creators of the course and labs. You can get the course from here — https://www.alteredsecurity.com/adlab
In October 2021 I undertook and successfully passed the Certified Red Team Professional certification, which is offered…
Pentesting, 5 min read