Posts

The Flow Chart # We need a bit more than just a proxy and a neat interception tool like Burp Suite in order to inspect the traffic of some android applications.

I think that because mobile application testing is somewhat of a niche, the security considerations for mobile devices are also less understood.

This is an easy-difficulty mobile challenge - and here is the description: This app has stored my credentials and I can only login automatically.

Introduction # We’ve already learned a decent amount about of introductory information about OS command injection when we were studying for the Burp Suite Certified Practitioner Exam.

This blog post is meant to provide a value assessment and a review of my experience going through the course material and taking the PNPT exam.

As always we start with a port scan: ╰─ nmap -sC -sV 10.129.230.179 Starting Nmap 7.

What is Kerberos? # Kerberos is the system users within an AD domain can use to authenticate to some service on the network.

IPv6 DNS Takeover # Another internal attack vector we should keep in mind has to do with IPv6 and how it is configured with DHCP.

What is LLMNR? # LLMNR (Link-Local Multicast Name Resolution) is one of multiple local host resolution protocols.

In this challenge we are greeted with a web page: Let’s go ahead and make an account and very quickly we can observe that we are able to make and post threads with markdown content.