How to Pass OSCP

I have not been able to publish in the last few weeks because I was preparing for OSCP. If you are thinking of obtaining this certification, here is my personal experience!

HackTheBox: news, VIP and VIP+ version

One of the first posts on this website was an introduction to the platform that has been with me since the beginning of my hacking career. It is HackTheBox, a pentesting platform where thousands of intrepid hackers race to take control of as many machines as possible. It’s been more than two years since … Read more

Shodan

Shodan is a search engine for finding specific services such as webcams, SCADA systems, Linksys devices… Its operation is simple but effective: it scans the whole internet and uses the information returned by the device banners to discover the software version, the device model, etc. Shodan is especially useful for the investigation of IoT devices, since … Read more

SQL Injection: OAST techniques

Today I bring you a very interesting type of SQL Injection that is not very well known. It’s a variation of Blind SQL Injection. If you’re still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at NoSQL injections in non-relational databases. In Blind SQL … Read more

Cross-Site Scripting II: Advanced

This post is the continuation of another one I published a few months ago. If you haven’t read it yet, I recommend you take a look at it. You already know what Cross-Site Scripting is, you know what types there are, what payloads to test, in which fields to look when you are … Read more

Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side so that, because of a misconfiguration of the website, this code is shown to other users. This type of attack … Read more

noSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: “' or 1 = 1 -- a”. However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, or Oracle. In the last decade another type of … Read more