Symfony JMose CommandScheduler RCE

A journey in a Symfony website with JMose CommandScheduler enabled led to some interesting results.

rConfig 3.9.4 multiple vulnerabilities

A journey in rConfig 3.9.4 led to pre-auth SQL injection, auth bypass, and remote code execution.

Achieve Pareto Principle in secure code review, or die trying

Blog post for my talk about secure code review at End Summer Camp 2K20

Long the Ripper

Long story short, both john and hashcat will fail to recover a password from an NTLM hash if it's longer than ~28 chars. Say 'Hi!' to Long the Ripper.

eLearnSecurity eXploit Development Student

Here is my take on the eLearnSecurity eXploit Development Student course and the related certification process.

SLAE32 / SLAE64

Here is my take on SecurityTube Linux Assembly Expert 32/64-bit.

Advanced Web Attack and Exploitation - Offensive Security Web Expert

Here is my take on the Advanced Web Attack and Exploitation course and the related exam for Offensive Security Web Expert.

Cracking The Perimeter - Offensive Security Certified Expert

Here is my take on the Cracking The Perimeter course and the related exam for Offensive Security Certified Expert.

Penetration Testing with Kali - Offensive Security Certified Professional

Here is my take on Penetration Testing with Kali and the related exam for Offensive Security Certified Professional.

Course Reviews Format

A quick introduction to my views on courses and certifications.