-
Identifying Web App Technologies Using Wappalyzer
Wappalyzer is a browser extension for identifying technologies that are used by web apps. It is available for various browser platforms from here. For this demonstration, I will be running Wappalyzer by using the Firefox extension. With Wappalyzer installed, open a web app in the browser. Next, click the Wappalyzer...
-
OnCyberSec Migration to GitHub Pages
I have been busy working on migrating oncybersec.com from WordPress to GitHub Pages, which was recently completed. The increased security and ease of maintenance made this a good move. This involved the following phases: building the site using Jekyll, importing WordPress posts into Jekyll and hosting the site on GitHub...
-
Using Virtualbox to Set Up a Virtual Environment
When looking to create a lab, one option would be to obtain physical machines. However, it is possible to install virtual machines on a single computer using virtualization technology such as Virtualbox. This requires that your host computer has sufficient resources, such as memory and storage, with the amount of...
-
Certified Az Red Team Professional: A Review
Introduction I recently passed the Certified Az Red Team Professional (CARTP) exam after going through the course: Attacking and Defending Azure AD Cloud from Pentester Academy. This course is taken before the CARTP exam and helps with developing an Azure pentesting methodology. This post will cover my experience in completing...
-
Using Wireshark to Troubleshoot Exploits
Wireshark has many use cases that are not only limited to networking. One example is using it to troubleshoot exploits, which makes it a useful addition to a pentester's toolset. This post will demonstrate how to use Wireshark to troubleshoot a phpMyAdmin remote code execution exploit (CVE-2018-12613). Burp Suite can...