Category: Blog

  • An Intro on Port Knocking

    Introduction Today, I came across a strange phenomenon whilst looking at a troubleshooting scenario: Connection refused on port 80, nothing too interesting. However, when I was looking for other open ports using nmap I tried the same test again: Now how is that possible? This is all because it had been protected using Port Knocking.…

  • SSH Tunnelling: Remote & Local Port Forwarding

    Introduction – What is SSH? Secure shell (SSH) was introduced about 6 years after the World Wide Web (made by the great Tim Berners-Lee!) and is an encrypted method for sending data over an insecure network. Initial connection setup is kept secure as the process uses public key cryptography to verify the identity of the…

  • Configuring Burp Proxy

    Background Burp Suite is an essential tool for web penetration testing and one module they provide is Burp Proxy, an intermediary proxy that rests between your client browser and web application. This proxy is nifty as you’re able to intercept any HTTP(S) requests and modify them to your liking, this modified traffic can then be…

  • Overpass

    Note: I do post my method which can provide spoilers to people trying this. Chapter 1 – Overpass Enumeration + Access Only provided with a target IP address, first step is to begin with a simple enumeration: HTTP site provides a password manager site with precompiled binaries of Overpass. However, leaving this for now to…

  • Network Services 2

    The common services I’ll be looking into are the following: This room has 11 tasks, but Task 1 and Task 11 are ‘I understand and continue’ tasks. Task 2 – Understanding NFS NFS allows a system to share directories and files with others over a network. It does so by mounting all, or a portion…

  • CompTIA Security+

    Most people who are in the IT field have heard of CompTIA. A technical certificate provider organisation that people of all levels can look into getting. A plethora of certificates are provided by CompTIA. One of the most entry-level certificates is the A+ certificate that gives an overview of the IT fundamentals. As someone who…

  • AWS Certified Cloud Practitioner

    Amazon Web Services (AWS) is a global Cloud Service Provider (CSP) that provides services to just about anyone from individual developers to conglomerates. Although other CSPs exists such as Microsoft’s Azure and Google Cloud – AWS is currently the most popular. Having taken a look myself, it becomes apparent that many individuals and organisations choose…

  • Site Migration Story

    Note: I have since moved my site again for ease… Prior to hosting this website on AWS, I used to host my website on Github using Github Pages. Free and easy-to-use it allowed for me to create blog entries with relative ease. However, a main concern for me which made me pivot from Github to…