Archive for the ‘Uncategorized’ Category

Encrypted App.Config

Posted: 22nd July 2018 by 2bitwannabe in Uncategorized

If you’ve ever developed in .NET or conducted a pentest on a .NET website or application, then you’ll likely have encountered encrypted strings within the .config file. Generally this is a good thing and smart thinking on the part of the developer, providing you don’t have access to the server that is running/hosting the […]

Bash Bunny by Hak5

Posted: 11th March 2017 by 2bitwannabe in Uncategorized

I’ve ordered the shiny new product from Hak5 and I hope to give a review of the product and its useful applications in the world of pen testing and IT in general in due course. Update: I did an introduction post of this for Portcullis Security (now part of Cisco) which you can view here: […]

Enumeration is Key

Posted: 11th March 2017 by 2bitwannabe in Uncategorized

I guess this may seem like an obvious statement to seasoned InfoSec Professionals, but for anybody wanting to start out in this industry, it would not be that obvious. While the tools you will likely use will depend on your situation you will always need enumeration to discover more about your target. This will give […]

In the attached blog post, Soroush (@irsdl) will show you a better way to exploit non-root-relative path overwrite issues in ASP.NET Web Form applications. This is a low risk vulnerability that can be used to inject a resource such as a stylesheet or even a dynamic JavaScript into an affected web page. https://soroush.secproject.com/blog/2015/02/non-root-relative-path-overwrite-rpo-in-iis-and-net-applications/ I had […]

How Much Security is Enough

Posted: 7th March 2014 by 2bitwannabe in Uncategorized

I came across a few articles from JustASC that I thought I’d share: http://www.justasc.net/advice/how-much-security-is-enough/ http://www.justasc.net/advice/cyber-the-sme-who-would-want-to-attack-me/ http://www.justasc.net/advice/the-truth-about-passwords-2/

Kali Linux in the Amazon Cloud

Posted: 5th March 2014 by 2bitwannabe in Uncategorized

Recently I found out that Kali is now in the Amazon Cloud; more details can be found here: http://www.kali.org/news/kali-linux-amazon-ec2-ami/ After reading how cool this http://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/ was, it got me wondering if EC2 Kali was not a better replacement for the remote nodes to connect to. I’ve just started using it and so far so good and […]

First Proper Post

Posted: 26th October 2013 by 2bitwannabe in Uncategorized

Hi, it’s taken me a while to finally get around to my first proper post. It’s been a busy few months since I was at the Cyber Security Challenge Masterclass, and I finally got around to taking CSTA (Certified Security Testing Associate) from 7Safe. Thanks to the Cyber Security Challenge & 7Safe for this great prize. Well […]

Hello world!

Posted: 5th April 2013 by 2bitwannabe in Uncategorized

Welcome to my blog as I prepare to take the CREST Certified Registered Tester Exam & Beyond, wherever that takes me…