Recently I completed the Certified Red Team Operator certification by Zero-Point Security. Overall my experience for this certification was simply “Awesome” and I would recommend it for anyone willing to up their game when it comes to Windows environment red teaming techniques. To give a little background I am not…

On one lonely Saturday evening I got really bored so I picked some random application to look at. This application was ILIAS learning management system. CVE-2020–25268 — authenticated remote code execution CVE-2020–25267 — authenticated stored cross site scripting CVE-2020–25268 This was the most severe of the vulnerabilities found, it would allow…

Some time ago I ran into an issue where I needed to exfiltrate data over DNS because all of the other options were blocked. An important note on this is that you should read the testing description thoroughly to verify if this is even allowed, for that could potentially get…

Microsoft replied that this is out of scope of their security program as well as not deemed this as a security vulnerability at all, so I am going to do a write-up about this. “ This does not meet the bar for security servicing as it requires a user…

I have noticed a lack of reasonable tips for OSWE so I would like to share 5 from my personal experience on how to better prepare for the course and most importantly the exam. I got the results for completing OSWE exam on 7th of February 2020 and it was…