Odysseus

In eternal reflection about life, universe and everything else.

HackTheBox TENET

Tenet is a Medium difficulty machine that features an Apache web server with WordPress.

Using tmux for automating interactive reverse shells

I’ve recently read a great post about using the “expect” command line utility for automating the process of converting a non-interactive reverse shell to a fully interactive TTY, which means that it’s possible to use features like tab completion, history navigation and clearing the screen and, among others, to hit Ctrl-c without losing your access, which makes me really happy.

White Box Penetration Testing: 'Cheating' in order to boost impact and value

Almost every professional pentester is always thrilled when a black box pentest comes along; however, it’s probably in white box that you’ll be able to give your reports more meaning.

This is how you can deliver true value through your pentest reports

There are only two things your client wants to know: how their business can be affected by impactful exploitation of a vulnerability and how they can prevent this from happening.

Learning from your mistakes as an offensive security professional

In both my personal and professional lives I try my best to live by a simple statement: “Your failures are the building blocks of your success”.

Handling Short Expiration Time of Authorization Tokens

How not to waste precious time when testing web applications or APIs with Burp Suite

A Matchbox Machine that Learns

Hey you! So, here I am with my first post of 2019.

Bypassing Phone Number Verification

In this post I’ll show you how I bypassed the phone number verification process on a website.

Credentials validation without PoC

I’ve found a flaw in one of the Check Point appliances.
