Pentest

Using tmux for automating interactive reverse shells

Using tmux for automating interactive reverse shells

I’ve recently read a great post about using the “expect” command line utility for automating the process of converting a non-interactive reverse shell to a fully interactive TTY, which means that by doing that, it’s possible to use features like tab completion, history navigation, clear the screen and, among others, being able to hit Ctrl-c without losing your access, which makes me really happy.

Read more
White Box Penetration Testing: 'Cheating' in order to boost impact and value

White Box Penetration Testing: 'Cheating' in order to boost impact and value

Almost every professional pentester is always thrilled when a black box pentesting comes along, however it’s probably in white box that you’ll be able to give your reports more meaning.

Read more
Learning from your mistakes as an offensive security professional

Learning from your mistakes as an offensive security professional

In both my personal and professional lives I try my best to live by a simple statement: “Your failures are the building blocks of your success”.

Read more
Bypassing Phone Number Verification

Bypassing Phone Number Verification

In this post I’ll show you how I bypassed the phone number verification process in a website.

Read more
Credentials validation without PoC

Credentials validation without PoC

I’ve found a flaw in one of the Check Point appliances.

Read more