AI
-
Evil Twin Part 2: spying on victims with a MITM attack
We’re back with another Evil Twin attack tutorial. This time, we’re going to be building off my last post by adding internet access to the evil twin. So, if you haven’t read it and followed along, do that first before moving on to this post. With internet access provided to our evil twin, we’re finally
-
Hack The Box: SAU Writeup
It’s time I get back into some Hack The Box! I’ve done some machines before but it’s been a while since I’ve hacked the box. So, in the post, I’m going to walk you through my thought process of hacking the SAU machine. This will not simply be a list of commands I used to
-
Building Your Own Evil Twin Access Point from Scratch
Hello again! It’s been a while but I’m back after a bit of a break! In this post, I’m going to show you how to set up an evil twin wireless access point. This post is going to be part of a series of posts detailing different attacks we can build off of this simple
-
Remote code execution via polyglot web shell upload – Portswigger Web Security Academy Lab Walkthrough
In this lab, we will bypass simple file validation to upload PHP code. I found this lab particularly interesting because the bypass involved injecting code into an image’s metadata. This is a technique I was unfamiliar with before attempting to solve this lab and I thought it was pretty cool. So, let’s get into my
-
How to crack your WiFi network’s password with aircrack-ng
Hello again! If you read my last post on AP and Client discovery with Airodump-ng, then get ready to take the skills you learned to the next level! We’re not just going to be observers anymore. We’re going to hack wireless networks by cracking their passwords! This method involves using airodump-ng to capture the necessary
-
Make access control bug discovery fast and easy with Autorize
We’re back from our slight detour to swing back into web app testing! Don’t worry though, I haven’t given up on wireless stuff. More content for that coming soon! In this post, I’m going to walk through a demo that makes use of my favorite Burpsuite extension: Autorize. Autorize is a plugin that makes testing