  • Using AuthMatrix to Find Access Control Issues

    When testing a web app, an important area to focus on is access control. This can be tested using AuthMatrix, which is useful for testing multiple roles. This post will demonstrate how to use AuthMatrix to test for an access control issue using the Damn Vulnerable Web Application (DVWA). The...

  • Identifying Web App Technologies Using Wappalyzer

    Wappalyzer is a browser extension for identifying technologies that are used by web apps. It is available for various browser platforms from here. For this demonstration, I will be running Wappalyzer by using the Firefox extension. With Wappalyzer installed, open a web app in the browser. Next, click the Wappalyzer...

  • OnCyberSec Migration to GitHub Pages

    I have been busy working on migrating oncybersec.com from WordPress to GitHub Pages, which was recently completed. The increased security and ease of maintenance made this a good move. This involved the following phases: building the site using Jekyll, importing WordPress posts into Jekyll and hosting the site on GitHub...

  • Using VirtualBox to Set Up a Virtual Environment

    When looking to create a lab, one option would be to obtain physical machines. However, it is possible to install virtual machines on a single computer using virtualization technology such as VirtualBox. This requires that your host computer has sufficient resources, such as memory and storage, with the amount of...

  • Certified Az Red Team Professional: A Review

    Introduction: I recently passed the Certified Az Red Team Professional (CARTP) exam after going through the course: Attacking and Defending Azure AD Cloud from Pentester Academy. This course is taken before the CARTP exam and helps with developing an Azure pentesting methodology. This post will cover my experience in completing...
