0ff5ec's inSecurity Blog


Written by 0ff5ec, who loves discussing security. Follow me on Twitter to continue the conversation!

LFI/RFI to shell using Burp Suite

May 29, 2019

File inclusion vulnerabilities in web services are often very critical and let an attacker gain shell access on the server. Here we will use Burp Suite to turn a file inclusion vulnerability in DVWA into remote code execution.

Brute force using Hydra and Burp Suite

May 12, 2019

We are going to learn how to brute force web applications with Hydra effectively. Hydra is a tool that is available in different flavors of Linux and supports a variety of protocols for brute forcing usernames and passwords. Today we are going to focus on its http-post-form module to find our way into a web application.

root@OSCP# whoami -> 4NONYM05 (uid=0 gid=0 groups=0)

May 02, 2019

My take on OSCP. This post talks about all the whats and whys of this awesome course offered by Offensive Security. I have tried harder to stay away from making it another OSCP review, and instead tried to put in information that I gathered throughout the process, which I think would be helpful to you!

It's never too late

December 28, 2018

Quick brief of 2018: we saw the HSBC data breach, Uber losing UK customer data, and the Marriott data breach. And that’s just a highlight of what happened…

About this blog!

December 25, 2018

Merry Christmas to you all! I am going to use this blog as a place where like-minded people can hang out and have productive discussion…