-
OnCyberSec Migration to GitHub Pages
I have been busy working on migrating oncybersec.com from WordPress to GitHub Pages, which was recently completed. The increased security and ease of maintenance made this a good move. This involved the following phases: building the site using Jekyll, importing WordPress posts into Jekyll and hosting the site on GitHub...
-
Using Virtualbox to Set Up a Virtual Environment
When looking to create a lab, one option would be to obtain physical machines. However, it is possible to install virtual machines on a single computer using virtualization technology such as Virtualbox. This requires that your host computer has sufficient resources, such as memory and storage, with the amount of...
-
Certified Az Red Team Professional: A Review
Introduction I recently passed the Certified Az Red Team Professional (CARTP) exam after going through the course: Attacking and Defending Azure AD Cloud from Pentester Academy. This course is taken before the CARTP exam and helps with developing an Azure pentesting methodology. This post will cover my experience in completing...
-
Using Wireshark to Troubleshoot Exploits
Wireshark has many use cases that are not only limited to networking. One example is using it to troubleshoot exploits, which makes it a useful addition to a pentester's toolset. This post will demonstrate how to use Wireshark to troubleshoot a phpMyAdmin remote code execution exploit (CVE-2018-12613). Burp Suite can...
-
Troubleshooting Firewall Issues Using Wireshark
In a previous post, the basics of Wireshark were covered, which focused on how to analyze network traffic. Another use case of Wireshark that I have found useful is to troubleshoot firewall issues affecting a client and server in a local or remote environment. For example, when attempting to access...