How to Pass OSCP
I have not been able to publish in the last few weeks because I was preparing for OSCP. If you are thinking of obtaining this certification, here is my personal experience!
Infrastructure Hacking: WHOIS Protocol
Have you ever used the whois command? In this post I’ll talk about how to use this command to get information, as well as give you details about the whois protocol and explain some of the vulnerabilities I’ve found in this protocol.
Infrastructure Hacking: Telnet Protocol
In this post I bring you one of the first protocols in the history of the Internet: the Telnet protocol. This will be a short post as this protocol is not very complex, but I needed to include it in this section as the client is very useful during a pentesting. In general telnet (RFC854) … Read more
Infraestructure Hacking: SSH Protocol – Part II
This is the continuation of last week’s post, which you can find here. I recommend that you take a look at it before continuing reading if you haven’t seen it yet. In this post I’ll show you different methods that can be useful when it comes to vulnerating a server where the SSH protocol is … Read more
Infrastructure Hacking: SSH Protocol
This is the second post in the new section of the website where I will explain in detail a specific protocol and show examples of different ways to exploit different vulnerable implementations. To make these posts I have used as an example implementations that can be found in the hackthebox.eu, as well as Ippsec videos. … Read more
Infraestructure hacking: FTP Protocol
This is the first post in the new section of the website where I will explain in detail a protocol in contrast and show examples of different ways to exploit different vulnerable implementations. To make these posts I have used as example implementations that can be found in the hackthebox.eu platform, as well as the … Read more
HackTheBox: news, VIP and VIP+ version
One of the first posts on this website was an introduction to the platform that has been with me since the beginning of my hacking career. It is HackTheBox, a pentesting platform where thousands of intrepid hackers race trying to take control of as many machines as possible. It’s been more than two years since … Read more
OSINT techniques and tools
Searching for information in public sources and making intelligence with this information is something very useful for a hacker. Sometimes you don’t need to break into any system to get the information you need. You just need to know where to look. Google Dorks Some time ago I published a post in which I explained … Read more
Shodan
Shodan is a search engine to find specific services such as webcams, SCADA systems, linksys… Its operation is simple but effective: it scans the whole internet and uses the information returned by the device banners to discover the software version, the device model, etc. Shodan is especially useful for the investigation of IoT devices, since … Read more
SQL Injection: OAST techniques
Today I bring you a very interesting type of SQL Injection, and that is not very well known. It’s a variation of Blind SQL Injection.if you’re still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at noSQL injections from non-relational databases. In Blind SQL … Read more