Why use Burp Suite when OWASP ZAP does it all* without the paywall? Everything you do in Burp Community can be done just as well in ZAP.

Nearly every web application pentesting tutorial you’ll find online uses Burp Suite Community for demonstrations, but why is this? Burp Suite is the most popular tool, but every time I use it I feel like I’m playing a free-to-play game where all the good stuff is behind a “membership”. There is a persistent feeling of irritation in facing this paywall every time I use Burp.

Burp Suite has its vulnerability scanner and its fuzzing…

Learn about Active Directory penetration testing, enumeration and exploitation using tools like Impacket, Kerbrute, and CrackMapExec. This post focuses on initial enumeration and exploitation from the perspective of an attacker who has network access to the AD environment but no account credentials and little information about the internal network. You will learn:

  • Target enumeration with Nmap, CME, Nbtscan
  • Username enumeration with Nmap and Kerbrute
  • Exploiting misconfigurations with Windapsearch and AS-REP Roasting
  • Poisoning AD protocols with Responder and mitm6
  • Password spraying with Kerbrute and Spray.sh
  • Pass the Hash and Kerberoasting

Treating this as a black-box test, our goal is to first…

Learn from the painfully common mistakes that contributed to my initial failure, and how to pass the Offensive Security Certified Professional exam. I went from a 35-point fail to a 100-point pass a few months later.

This post is written to help those on their ‘OSCP journey’, practicing hard on vulnerable machine platforms for their OSCP exam attempt. I want to improve your chances of passing by sharing my common mistakes, tips for success, and how to practice most effectively. I’ve read hundreds of “OSCP journey” or “OSCP review” type posts like this one during my dive into the…

You have Remote Code Execution on a vulnerable machine, but how do you get a shell?

While hacking vulnerable machines, you’ll find neat exploits that give you a shell on the target automatically. However, most exploits merely give Remote Code Execution (RCE), which then has to be used to run further commands on the target to get a shell connection. This isn’t always straightforward, and involves a lot of trial and error: testing different reverse shell payloads and trying different techniques…

In this post, I’ve documented all the techniques I’ve found in going from RCE to shell for Linux and Windows machines…

Buff is a relatively beginner-friendly machine. This write-up is similarly geared towards beginners to Hack the Box (HTB) and pentesting/ethical hacking in general. Things like the phases of a hack and what a shell is will be explained in more depth than in the average HTB write-up.

This machine is also great for beginners because it employs techniques that are common on Hack the Box and other vulnerable machine platforms. Things like starting a netcat listener and a Python web server are done several times, which is great practice.

There are a few things you need to get started hacking something in Hack…

Netcat, Nmap, Gobuster, these are all staple tools in the ethical hacking world. If you frequent Hack the Box, Try Hack Me or any other ethical hacking lab platform, you likely use the aforementioned tools very often. What if you could upgrade those tools?

Upgrade may be a dramatic word, but the hacking tools this article goes over were developed to work faster and/or better than the usual tool. The tools reviewed are pwncat, feroxbuster, RustScan and updog.

The upgrade for Netcat. In pen testing lab environments you’re constantly exploiting Remote Command Execution vulnerabilities and…

This guide will show you the simplest way to get a remote shell connection on a Windows 10 target just by plugging in the Bash Bunny. This connection gives you command-line control over the computer from a remote location, which I’d consider “hacking” a Windows computer.

This works just as well, and probably better, with a Rubber Ducky (it runs faster), but I don’t own one; the Bash Bunny is just what I had on hand. …

There is a persistent distaste for cloud storage services in the infosec community, summed up by the quip: “the cloud is just someone else's computer”. By using cloud services like Dropbox, Google Drive, OneDrive, etc. you’re entrusting the privacy and security of your data to another company. Historically, cloud service providers have had a bit of trouble keeping hackers out of their clients’ data. Not to mention, they will give up your data to the feds and you’ll never know.

Cloud services are extremely useful, but when it comes to personal storage of your private notes, documents and…

I’ll show you how to set up a Kali Linux virtual private server (VPS) on DigitalOcean for ethical hacking, how to use a browser through your VPS, get a free domain name for your VPS, make a local backup and more!

When doing ethical hacking challenges or working on pentesting lab platforms like Hack the Box (HTB), Try Hack Me (THM) or Cyber Sec Labs (CSL), you’re likely hacking from a virtual machine. This works great, but I’ve found that launching my ethical hacking endeavors from a VPS has a few important benefits.

First off, you have persistence in your hacking session…

In this step-by-step guide, you’ll learn how to grab Windows 10 hashes and then recover the password with various hash cracking techniques. The toolset used in this guide is Kali Linux, Mimikatz, hypervisors, Hashcat and Johnny.

There are plenty of guides out there for cracking Windows hashes. However, many of them are outdated because Windows has made it progressively harder to recover hashes. I want to share the method that works on a modern Windows 10 system.

This guide assumes you have physical access to a Windows 10 computer and wish to bypass the operating system password. …
