Posts
Android CTF - HTB Pinned
·4 mins
htb
This is an easy-difficulty mobile challenge - and here is the description:
This app has stored my credentials and I can only login automatically.
Command Injection - More Techniques
·10 mins
web
Introduction: We’ve already learned a decent amount of introductory information about OS command injection when we were studying for the Burp Suite Certified Practitioner Exam.
PNPT Course & Exam Review
·10 mins
active-directory
PNPT
This blog post is meant to provide a value assessment and a review of my experience going through the course material and taking the PNPT exam.
Analysis - HTB
·12 mins
htb
dll-injection
As always we start with a port scan:
╰─ nmap -sC -sV 10.129.230.179 Starting Nmap 7.
Understanding Kerberoasting
·5 mins
active-directory
What is Kerberos? Kerberos is the system users within an AD domain can use to authenticate to some service on the network.
IPv6 MITM & Passback Attacks
·5 mins
active-directory
IPv6 DNS Takeover: Another internal attack vector we should keep in mind has to do with IPv6 and how it is configured with DHCP.
LLMNR Poisoning & SMB Relay Attacks
·9 mins
active-directory
What is LLMNR? LLMNR (Link-Local Multicast Name Resolution) is one of multiple local host resolution protocols.
Felonious Forums - HTB Web Challenge
·4 mins
web
htb
In this challenge we are greeted with a web page:
Let’s go ahead and make an account and very quickly we can observe that we are able to make and post threads with markdown content.
Burp Suite Certified Practitioner Exam Review
·5 mins
BSCP
web
Introduction: To preface this post, I want to briefly describe my level of experience to help others who might take this exam better benchmark how long it might take them to study.
Prototype Pollution - Applied Review
·25 mins
web
BSCP
What is Prototype Pollution? This type of vulnerability allows attackers to add arbitrary properties to global object prototypes that can be inherited by user-defined objects.