Symfony JMose CommandScheduler RCE
A journey in a Symfony website with JMose CommandScheduler enabled led to some interesting results.
rConfig 3.9.4 multiple vulnerabilities
A journey in rConfig 3.9.4 led to pre-auth SQL injection, auth bypass, and remote code execution
Achieve Pareto Principle in secure code review, or die trying
Blog post for my talk about secure code review at End Summer Camp 2K20
Long the Ripper
Long story short, both john and hashcat will fail to recover a password from an NTLM hash if the password is longer than ~28 chars. Say 'Hi!' to Long the Ripper
eLearnSecurity eXploit Development Student
Here is my take on the eLearnSecurity eXploit Development Student course and the related certification process
SLAE32 / SLAE64
Here is my take on Securitytube Linux Assembly Expert 32/64-bit
Advanced Web Attack and Exploitation - Offensive Security Web Expert
Here is my take on the Advanced Web Attack and Exploitation course and the related exam for Offensive Security Web Expert
Cracking The Perimeter - Offensive Security Certified Expert
Here is my take on the Cracking The Perimeter course and the related exam for Offensive Security Certified Expert
Penetration Testing with Kali - Offensive Security Certified Professional
Here is my take on Penetration Testing with Kali and the related exam for Offensive Security Certified Professional
Course Reviews Format
A quick introduction on my view regarding courses and certifications