Resources
I try and keep a list of relevant articles and papers I've released. Below are several items, including legacy blog posts.
Reversing the Web
If all of security testing is, first and foremost, a visibility problem, then reverse engineering how a website or ecosystem works is an important step when source code and other options aren't available. If you want better findings and more reliable exploits, this talk series will help:
- Lascon 2011 - (video)
- Lascon 2011 (slides)
- BsidesCT - 11/14/2020: (video)
- BsidesCT - 11/14/2020: (slides)
- Original Blog Series:
Breaching Webservers
Web applications are a primary means of breaching a company's external network. Gaining this valuable foothold is a high-value goal for both malicious actors and security professionals. But how do you get from mere web application vulnerabilities to the compromise of a server? Common testing guidelines provide you with a checklist of items to test for, but very few show you how to utilize vulnerabilities to achieve testing goals. This talk is all about taking over webservers.
Resources:
- Toorcon 2014 (slides)