Sometimes during pentest engagements in restricted networks, we might need access to the internet. Internet access could be used to exfil info or retrieve a tool or script. Because of the state of those networks, no data can leave the network boundary. Security is hard and although the internet can be blocked, DNS is sometimes overlooked and DNS queries could still work. This is where we can use DNS Tunneling to circumvent any blocks that have been put in place.

As an OSCP student, I frequently searched the web for notes, tips, advice, or anything that would help me learn the necessary skills to pass the exam. This field guide started off as that, a collection of gathered OSCP notes from around the web, but as I learn more, this post serves as a place to document everything.

Mango. Oh man. Getting user access on this box was intense. I personally have weak web exploitation skills when it comes to web attacks, so this box did teach me a lot. In terms of realism, this box was definitely real-world related and I can apply everything I learned to any future pentests I will do.

Intro to Buffer Overflows

SLMail is an awesome choice of software to easily practice creating and exploiting buffer overflows. If you need to practice Buffer Overflows for your OSCP, then hopefully this tutorial can help you.

Intro to RFID Hacking

This primer is for those that are interested in RFID pentesting. If you don’t know where to start or if you are looking into RFID “hacking”, I hope you can take something away from all of this. I am in no way an expert and I am still learning as much as I can about this technology.

Sage

Succurity through Obscurity usually isn’t a good idea.

Offensive Security

California, US