Category: Pen Testing
-
Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection
Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a former Sys Ad I can tell you that many of these systems will go on…
Written by
-
My Journey Into The OSCP
Intro This post is going to break away from my typical technical how-to style posts, and talk a little bit about something that has been a personal goal of mine for some time โ The Offensive Security Certified Professional. When it comes to even thinking about enrolling in the OSCP, most people will question if…
Written by
-
Home Lab Setup (2017)
In this post and video I give a quick run down of my Home Lab – everything from the rack itself, to the hardware and the basics of what everything is being used for. I started this project towards the end of 2012 with a single Dell PowerEdge 2950 GII and was hoping to teach…
Written by
-
Exploiting Apache Struts – CVE-2017-9805
CVE-2017-9805 is yet another very legitimate vulnerability in the Apache Struts framework. In the video, I demonstrate how easy it is to run a simple public python script against a vulnerable remote server, ultimately resulting in a reverse shell back to the attacker. In this post, I will cover all the steps shown in the…
Written by
