Archive for Cybersecurity – General

CTFs Aren’t Just a Game

Posted: October 1, 2021

This post is going to be a little different; I want to talk about Capture the Flag games. I want to offer a perspective from someone who is relatively new to the space but knows just enough to be almost interesting. I have spent the last year or so playing hacking games, studying, reading, and ...


Journey of Learning: SQL Injection is fun!

Posted: August 26, 2021

By the time this is posted I will be 1 year into this journey of learning on my path to the OSCP certification.  It’s kind of amazing how much I have learned already, and I have so much more to learn.  I didn’t expect to enjoy attacking applications and servers.  I am a paranoid and cautious ...


Pen Test Rules of Engagement: What You Need to Consider

Posted: August 12, 2021

In the first post of our series, Security Assessment 101: Planning a Successful Security Assessment, we detailed some of the points necessary to plan a successful security assessment, and we defined the various types of assessments organizations need to periodically conduct if they want to be sure ...


Journey of Learning: Brute Forcing Stuff

Posted: July 22, 2021

There is a time for subtly evaluating a target, spotting a potential vulnerability, and quietly exploiting it to accomplish a goal.  There are also times when it is fun to swing the big meat axe to obliterate obstacles with overwhelming force.  This is part 5 of my Journey of Learning, if you ...


Journey of Learning: Learning to Love the Scary Stuff

Posted: June 24, 2021

Hi again, welcome back!  This series is about the things I am learning on my way to the OSCP exam.  This is part 4, and if you would like to see the previous posts, you can do that here.  In my last post, I said that I was going to be writing about kernel exploits next.  Kernel exploits are ...


Journey of Learning: File Uploads

Posted: May 27, 2021

Welcome to the third installment of my Journey of Learning.  This series is a look into my studying and preparation for the OSCP exam.  If you missed the previous story, you can catch up here.  The ContentOverload application I am building to explore some of the exam topics has some new ...


Security Assessment 101: Planning a Successful Security Assessment

Posted: May 13, 2021

It’s important to evaluate your security posture and identify areas that need improvement, but a successful security assessment does not happen by accident. Have you ever wondered what goes into planning a security assessment? There is no “one-size-fits-all” security assessment strategy. ...


Journey of Learning: Server-Side Template Injection

Posted: April 30, 2021

Welcome to my journey of learning.  This series is about my preparation for the OSCP exam.  More specifically this series is about how I use the things I am learning for my CTF hobby in my role on the Data Analytics team here at Set Solutions.  If you would like to know more about how this got ...


Best Practices and Effective Vulnerability Management Strategy

Posted: April 1, 2021

Vulnerabilities are a fact of life. It’s an imperfect world. There is simply no way to avoid them. Fortunately, vulnerabilities can be detected, and resolved or mitigated to remove or limit the risk they present. The goal is not to try and achieve a world with zero vulnerabilities—the goal is ...


A Journey of Learning: Introduction

Posted: March 23, 2021

I have spent a lot of time around security professionals, but I am not sure that I would consider myself one of them. Maybe a better way to say that is that I am a non-traditional security professional. In a field as diverse as information security, maybe the idea of a traditional security ...
