You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: contributions/contributions.csv
-1Lines changed: 0 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,6 @@
1
1
4/12/22;Backend Machine;https://app.hackthebox.com/machines/Backend;API Testing is one of the few things I haven't really seen on many CTF's. I wanted to really showcase how to find API Endpoints by fuzzing. When finding web endpoints, most people try filename + extextension, but with API's its more about filenames + HTTP Methods.
2
2
4/10/22;Live Recon with NahemSec;https://youtu.be/3R2HkX-opeQ;NahemSec, Stok, and JHaddix all ask me various questions. The video is timestamped, so you can see all the questions asked but we talk about my background before infosec, my thoughts on degrees and certifications, work/life balance, and more.
3
3
3/30/22;Altered Machine;https://app.hackthebox.com/machines/Altered;When learning more about Laravel, I noticed there was a default rate limiter built in on API Requests and wanted to showcase a way to bypass it. Additionally, I really wanted to show off Dirty Pipe but make it slightly harder so I installed PAM_WORDLE. In order to use the "su" command you must beat a customized version of wordle. I had found this module when looking for ways to troll CCDC Student Competitors.
4
-
3/30/22; Altered Machine;https://app.hackthebox.com/machines/Altered;When learning more about Laravel, I noticed there was a default rate limiter built in on API Requests and wanted to showcase a way to bypass it. Additionally, I really wanted to show off Dirty Pipe but make it slightly harder so I installed PAM_WORDLE. In order to use the "su" command you must beat a customized version of wordle. I had found this module when looking for ways to troll CCDC Student Competitors.
5
4
3/15/22;Blog Post: Interview with Ippsec;https://www.hackthebox.com/blog/Interview-with-Ippsec;I wrote about the top 9 questions I get asked. If you wanted to know what drew me to HackTheBox, why i started doing videos, or just advice I wish I had years ago. This blog post is for you
6
5
3/7/22; Ransom Machine;https://app.hackthebox.com/machines/Ransom;I had been learning a lot of Laravel lately and noticed how easy it is to make a "Type Juggling" mistake in PHP when the web application accepts JSON Data. I believe all Laravel API Endpoints will do this by default, so the machine has users bypass a hardcoded password to authenticate against the machine. The next step involves a crypto challenge, which I normally dislike but with how easy it is to make this mistake when creating an encrypted zip from the command line. I had to do it, tldr, ZipCrypto is hillariously bad.
7
6
2/15/22;Podcast with Scope Security;https://scopesecurity.com/a-conversation-with-ippsec-learning-to-think-like-a-hacker/;This podcast was titled "A Conversation with Ippsec: Learning to Think Like a Hacker". We talk about a lot of topics, check out the link for a good transcript.
0 commit comments