Sk3llington/PenTesting-Vulnerability-Assessment-CTFs

Penetration Testing Walkthroughs

Linux Privilege Escalation

Kernel Exploits

Kernel Exploits Walkthrough

Web Applications

Command Injection / Brute Force / XSS Attacks

In this section, I go over a few techniques used to compromise web applications via command injection, brute force and XSS attacks. For each vulnerability exploited, I also provide mitigation recommendations to protect your system.

You can access the full report here: Web App Pentest

Fritzed Web Application Vulnerability Assessment

Fritzed is a newly acquired asset that includes the source code to a web application. The company was recently acquired by a competitor following a massive data breach. Fritzed had a reputation for insecure development practices, and Management would like to have a sense of how bad it is.

You can access the full report here: Web App Pentest

Reconnaissance

In this section, I go over techniques used by malicious actors to gather critical data used to compromise their targets.

You can access the full report here: Reconnaissance

Windows 10 | Icecast

In this section, I go over how I compromised a Windows 10 machine running "Icecast", a vulnerable free server software, and provide detailed recommendations to protect your system against each vulnerability exploited.

You can access the full report here: GoodSecurity Pentest Exercise

Purple Teaming

In this Purple Team exercise, I play the role of both the attacker and the defender.

You can access the full report here: Capstone Engagement

And the Executive Summary here: Executive Summary

About

Pentesting, Vulnerability Assessment, OSINT and Reporting.
