You’ve been conned. You’re paying monthly for the illusion of privacy/security. Third-party VPN providers, those that act as fancy proxies, prey on your privacy fears to sell you a neatly packaged subscription service. Ads shilling VPNs that claim to protect your privacy from tracking and secure you from hackers is…

Only 1 year IT experience and fresh out of college, this is my story of how I became a penetration tester. About all the jobs, courses, certifications, and projects I worked on leading up to my current employment. …

Paywall blocking you? Click here to reload and enjoy for free. Learn from my mistakes and how to pass the eWPT exam. Also some hot takes on eLearnSecurity certifications compared to other offensive security related certs. The Good: discusses the great aspects of INE trainings and tips on studying for…

Productivity tools and “life hacks” to use as a cybersecurity enthusiast! Tools to manage credentials, take well organized notes, precise screenshots, and sync files. These things may sound mundane but they become the bread and butter of your computer work flow if you learn to make good use of them…

Why use Burp Suite when OWASP ZAP does it all* without the paywall. Everything you do in Burp Community can be done just as well in ZAP. Nearly every web application pentesting tutorial you’ll find online uses Burp Suite Community for demonstrations, but why is this? Burp Suite is the…

Learn about Active Directory penetration testing enumeration and exploitation using tools like Impacket, Kerbrute, and CrackMapExec. This post focuses on initial external enumeration and exploitation; from the perspective of having access to the AD network but have no account credentials and little information about the internal network. You will learn: …

Learn from painfully common mistakes that contributed to my initial failure and how to pass the Offensive Security Certified Professional exam. I went from a 35 point fail to a 100 point pass a few months later. This post is written to help those on their ‘OSCP journey’, practicing hard…

You have Remote Code Execution on a vulnerable machine, but how do you get a shell? While hacking vulnerable machines, you’ll find neat exploits that give you a shell on the target automatically. However, most exploits merely give Remote Code Execution(RCE) which needs to be utilized to execute further commands…

Buff is a machine that is relatively beginner friendly. This write-up is similarly geared towards beginners to Hack the Box(HTB) and Pen-testing/Ethical Hacking in general. Things like hacking phases and what a shell is will be explained more in-depth than the average HTB write-up. This machine is also great for…