Andy Gill - ZephrSec - Adventures In Information Security (Page 5)

Sign in Subscribe

Andy Gill

LTR101: WebAppTesting - Methods to the Madness

LTR101: WebAppTesting - Methods to the Madness

Following my post on Web Application Testing Methodologies [https://blog.zsec.uk/ltr101-methodologies/], I received a lot of feedback and requests to elaborate more on the methodology. As it is geared towards pentesters, some newbies might not understand what things are or what tools can be used to achieve the

LtR101: Web Application Testing Methodologies

Getting Started

LtR101: Web Application Testing Methodologies

I get loads of messages on various mediums each week asking about how to get into information security & bug hunting. Queries range from how to do things through to how to get into the industry and where to start. I started this series for those people, learning and wanting

LtR101: Web Application Testing - Further Reading

LtR101: Web Application Testing - Further Reading

Further Learning Resources Now you have a somewhat understanding of what web application testing is, how to setup your learning/playground environment & how to use some tools, you're likely wanting something to hack and play with? Well fortunately there are many many many resources out there for

Web Application Testing - Tooling

Getting Started

Web Application Testing - Tooling

Having given an introduction into web app testing [https://blog.zsec.uk/101-web-testing-1/] it is now time to move onto the tooling. Noting that this is for testing and not specifically bug bounty hunting. The tooling and techniques are slightly different. The art of web testing is made up of

Web Application Testing(Learning the Ropes 101)- Introduction

Getting Started

Web Application Testing(Learning the Ropes 101)- Introduction

To give some background, for those of you who do not already know I work as a pentester and my specialism is web application pentesting/penetration testing(also referred to some as appsec). I started this series to help individuals wanting to get into security & learn about the fundamentals

gif it time it'll come to you - Finding More Holes in The Hub

gif it time it'll come to you - Finding More Holes in The Hub

Following suit of stored cross site scripting vulnerabilities this post will talk about another issue I found in Pornhub. Unfortunately someone found before me and as a result this bug was a duplicate. However, this is my write-up of it and how it was possible, how it worked and the

Persisting on Pornhub

Persisting on Pornhub

This guy again? More Pornhub [https://hackerone.com/pornhub] bounty things? Well yeah, sort of. Recently I found a stored cross-site scripting vulnerability in Pornhub core(i.e pornhub.com). Allowing any user to post malicious links to their 'steam' aka profile. This post will explain how the

Learning the Ropes 101 - People Skills

Getting Started

Learning the Ropes 101 - People Skills

For most of you reading this series you might have seen the first few technical articles then one about reporting, now you're seeing this about people skills. It's got you thinking now hasn't it? Why do I need to talk to people irl [https:

Learning the Ropes 101: Stay Beautiful, Stay Verbose

Learning the Ropes 101: Stay Beautiful, Stay Verbose

Having recently just arrived back from DEFCON 24 Las Vegas, I've not had a chance to write up much in regards to blogging and for that I am sorry! Anyway this post will discuss the importance of reporting and what it means to me to create a beautiful,

CSV Injection -> Meterpreter on Pornhub

CSV Injection -> Meterpreter on Pornhub

This post will discuss an issue I found regarding CSV injection on Pornhub.com, allowing a remote attacker to inject malicious code into video titles resulting in potential full compromise of content creators and other users. Note: Pornhub have advised that they will no longer be rewarding for this type

CSV Injection Revisited - Making Things More Dangerous(and fun)

CSV Injection Revisited - Making Things More Dangerous(and fun)

In this post, I will discuss several methods and remediation steps that can be used to help escape and mitigate CSV [https://support.office.com/en-gb/article/Import-or-export-text-txt-or-csv-files-5250ac4c-663c-47ce-937b-339e391393ba] (Comma separated values) injection type attacks. For those of you who may not know what CSV injection is or how it occurs,

Quick and Easy Server + Ghost Setup (Part 2 - Ghost Setup)

Quick and Easy Server + Ghost Setup (Part 2 - Ghost Setup)

Installing Ghost Assuming you've already read part 1 [https://blog.zsec.uk/quick-server-p1/]. Now that we have a somewhat setup server with required settings and the like, it's time to install ghost blog, for this here is a short all in one script for ease of

Quick and Easy Basic Server + Ghost Setup (Part 1 - Server Setup)

Quick and Easy Basic Server + Ghost Setup (Part 1 - Server Setup)

So, for some of you who follow my blog, you may have noticed it was down this weekend. This is due to me smartly attempting to update to installation of ghost but getting it wrong several times. As a result decided to flatten the server and spin up a new

Getting Started

Learning the Ropes 101: Operating Systems - Linux

When learning about information security, software development, computer science or "insert other relevant topic here" it is likely that you will come up against a variety of different operating systems. Most new folks to this area will be primarily windows users and as a result will have had

Popping the Pornhub Cherry

Popping the Pornhub Cherry

Currently at time of writing I'm ranked #1 finder of Bugs on https://hackerone.com/pornhub which is a nice position to hold. This post is to explain the techniques I've used to get to where I am and how I found my most recent $2500

Getting Started

Learning the Ropes 101: Basic Networking

In regards to the technological skill set required in this sector, dialling it down to complete basics is where to start. It is very important to understand and get your head around basic networking before you start to look at anything else as networking is how the internet works. How

Learning the Ropes 101: Introduction

I recently had a friend of mine come to me asking how to get into hacking and this side of technology. His background was very varied so it was difficult to outline the core fundamentals that a person would need to get into this sector. This post will try to

Install Kali Nethunter & FruityWiFi on Nexus 5

Originally Written by Ben May [https://twitter.com/atarii] || Github [https://github.com/atarii] Here are the steps taken to install Kali nethunter and FruityWiFi on the Nexus 5. Reboot into fastboot: adb reboot bootloader Unlock bootloader with: fastboot oem unlock Download the 6.0.1 image - hammerhead-mmb29v-factory-62a68ee9.tgz

How to Statically Compile NMAP

Here is a short explanation on how to compile nmap statically. Version of nmap used: https://nmap.org/dist/nmap-7.11.tar.bz2 Method First set up the environment (''-fPIC'' is needed, for static compilation): export CFLAGS="-march=core2 -O2 -fomit-frame-pointer -pipe -fPIC" export

Setup Oracle in Kali Rolling & Kali 2.0

How to Setup Oracle in Kali 2.0 I recently have started preparation for an exam which requires the use of Kali for testing and noticed that out of the box Kali 2.0 Sana or rolling do not support oracle. So I set about to find out how to

Approaching Bug Bounties with an Ethical Mindset

The term ‘Bug Bounty’ may be an unknown term to you, but for some it may spawn images of Star Wars bounty hunters; rest assured it has nothing to do with wet work or killing. The phrase was coined for the modern age, which sees companies having open invitations for

Getting Started in InfoSec

I’ve been meaning to create a write-up on how to get into the industry and certain resources to check out for different skill sets. So here it is, there are lots of different routes into Pentesting however there are two main things to keep in mind. Firstly who you

tooling

NotMicroburst NotMicroburst.zip 96 KB download-circle $enabledSubs = Get-AzSubscription | Where-Object{$_.State -eq "Enabled"} $results = foreach ($SubName in $enabledSubs) { $IDOut = $SubName.id Set-AzContext -Subscription "$IDOut" Get-ARTAccess Get-ARTADAccess } $results | Out-File AzureRT_Access.txt Get-AzSubscription | Where-Object{$_.State -eq "Enabled"}

window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-90NCC2R7PE');