It has been a while since I did a CTF so i decided to dive into one and I selected the Bulldog CTF created by Nick Frichette, you can find it here https://www.vulnhub.com/entry/bulldog-1,211/. It was a great exercise that helped remind me of some basic things to check when doing pen tests or CTFs. I […]

Due to the positive response I got on my previous write up, I figured I’d keep the ball rolling and do another. Thank you to everyone who shared the last post, and I hope that you find this write up just as enjoyable. Tutorial Mode Server Side Request Forgery (SSRF) is just a fun bug […]

Ignoring that fact that I’m less than consistent with my blog posts, you’d think that I’d do a bug bounty write up at some point. I recently reached the top 100 on Bugcrowd and I’ve spent some time on other self managed programs. Well, the time has finally come. I participated in an invite-only program […]

Star Wars fans, let’s be honest here.  All of us at one point or another dreamed of being Boba Fett.  Who doesn’t want a jet pack, a blaster rifle/flame thrower, and an awesome back story?  Not to mention, an inherently bad-ass job.   Even 9 year old Matt was flying his mini version of the […]

I left college with a decent amount of programming experience, mostly in Java, but never really had an opportunity to actually use it.  Sure, I had an <sarcasm>absolute blast</sarcasm> creating everything from calculators, to red-black trees, to web servers while at school, but I was never really able to apply it to something I found […]

The security community has a lot of perks, low unemployment, lots of excitement, new challenges every day, and an endless supply of things to learn. However not everyone likes what we do and not everyone likes to listen to us, ever. There are so many bugs out there that a large amount of us like […]

Jeremy Brown gave an awesome presentation at DEFCON 18 about Exploiting SCADA systems. That was almost 7 years ago. Several other industry professionals including my self have given presentations on defending, security, and exploiting these systems. They are all posted online and you can access them for free. All of these talks highlight a common […]