Hello readers, so it has been a long time since writing content. I recently cleared the OSCP certification with the PWK2020 edition. So this blog post will be about my experience, takeaways and the things to look out for in the OSCP.

//Please note the information below is based on my personal experience with the OSCP//

I will divide the OSCP course and exam into the following stages:

  1. Requirements
  2. Time Threshold
  3. PWK Labs and Materials
  4. The Exam
  5. My takeaways from the exam
  6. Final Thoughts
  7. Useful Resources

Requirements

Before heading into the thoughts of purchasing the PWK2020 I would suggest you…


The Apache Ghostcat vulnerability is a file inclusion vulnerability which came out in the first quarter of this year while the world was gearing up for a lockdown fight up against the coronavirus.

It allows any attacker to read files such as configuration files, test files or any other Tomcat directory files. In addition, if a victim website permits any user to upload files, an attacker can upload a file containing malicious JSP code to the server and then include the uploaded file by exploiting the Ghostcat vulnerability, resulting in remote code execution. Well, like the coronavirus’s family…


OAuth 2.0 framework and common security test cases

Introduction to OAuth

OAuth 2 is an authorization framework at best. Consider the following generic example: Alice and Bob want to submit their CVs on a job posting website called JOBS.com. Now JOBS.com has two ways of uploading a CV. The first option uses Alice’s and Bob’s LinkedIn profile as their CV, while the second uses a manually crafted CV to be uploaded (which is the general way). Alice chooses to upload via LinkedIn as she is lazy, let’s suppose :} while Bob drafts and uploads his CV manually. What Alice has done here is allow JOBS.com to access Alice’s LinkedIn…


Hello readers, in this article I just want to share my experience of working around a machine named Chainsaw. I am a noob to network security, so I started doing some Hack The Box stuff to learn. Any noobs like myself that want to learn network security can watch videos of ippsec (helps a lot), The Cyber Mentor and HackerSploit on YouTube. I solved it in late November; it took a lot of time to solve (nearly a week!). I personally loved the machine and couldn’t get over it; it retired around 10 days ago, I suppose. The machine deals with Solidity, Ethereum blockchain, the IPFS stack and many…


The traditional REST model is similar to doing the following tasks, like getting your shipments delivered to you and ordering food online, i.e., two different activities, hence two different calls. However, GraphQL is like having a personal assistant that does tasks for you once you give the required details such as your address and your interests, where you can simply ask for what you want and wait for it to get to you. In other words, GraphQL is a standard language that the assistant in the example uses to serve you your interests all at once. …

just_a_noob

Prakash Ashok, Security Analyst at WeSecureApp, CTF player, Blockchain developer and Security Researcher.
