Online Stock Market Investing Advice


A place for you to see my dirty bits!

Last Build Date: Thu, 10 Aug 2017 21:34:34 +0000


100 Bugs in 30 Days

Wed, 21 Dec 2016 19:21:20 +0000

Being a part time bug/bounty hunter, I was doing a little reading and was inspired by Shubham Shah who posted about his efforts to get 120 Bounties in 120 days.  I came across this article quite some time ago, and it has weighed heavily ever since.  Ultimately I decided to follow suit with a slightly […]

Multiple Vulnerabilities – Trend Micro Control Manager 6.0

Mon, 07 Nov 2016 14:47:32 +0000

The following are publicly disclosed vulnerabilities I discovered with TrendMicro Control Manager 6.0. Full details of the vulnerabilities have not been agreed upon for disclosure, so this is more for record keeping than anything else.  Please do not inquire for details as there is no agreement in place for me to divulge any.  As much […]

Top 3 Ways To Fail As A Technical Recruiter

Tue, 25 Oct 2016 17:15:45 +0000

Quick disclaimer.  I am not actively looking for a new job.  I have a solid salaried gig that pays well and allows for a very accommodating work/life balance.  But that doesn’t mean I don’t still ‘collect’ contact information with solid recruiters in case the shit hits the fan.  So when I get contacted about jobs, […]

Bug Bounty Program Primer – Finding Vulnerabilities for Fun and Profit

Thu, 18 Aug 2016 01:30:37 +0000

After some requests and questions asked, I decided to answer the emails in the form of a post about bug bounty programs. For those that do not know me personally, let me get the ‘street cred’ out of the way.  I have been bug hunting (bounty hunting) for a couple years now, and came in […]

ZDI-16-348: Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution Vulnerability

Wed, 27 Jul 2016 16:58:17 +0000

Version: IWSVA65sp2
Summary: The com.trend.iwss.gui.servlet.ManagePatches servlet contains a flaw allowing any authenticated user (including ‘Report Only’ users) to execute commands under the context of the root user.
Details: The com.trend.iwss.gui.servlet.ManagePatches servlet is used by elevated privilege users to upload files (patches). The functionality, however, can be used by any authenticated user simply by substituting their […]
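
The bug class that both this ManagePatches advisory and the hotfix_upload.cgi advisory name in their titles, a client-supplied upload filename reaching a shell that runs as root, is easy to reproduce in miniature. What follows is an added example written for this page, not code from Trend Micro or from either advisory: a hypothetical CGI-style upload handler that splices the multipart filename into a shell command string, beside a hardened version that strips directory components, whitelists characters and builds an argv list instead of a shell string. The boundary, form field name, staging and destination directories and the apply_patch helper are all assumptions; the truncated excerpts on this page do not show where the real products spliced the name in.

```python
import os
import re

# Constructed multipart/form-data request, modelled loosely on the shape of the
# upload request quoted in the hotfix_upload.cgi advisory. Boundary, field name,
# directories and the apply_patch helper are assumptions for this example.
BOUNDARY = "----ExampleBoundary7d8e"
UPLOAD_DIR = "/var/tmp/uploads"   # hypothetical staging directory
PATCH_DIR = "/opt/patches"        # hypothetical destination directory


def build_request_body(filename: str, content: bytes = b"fake patch") -> bytes:
    """Build a minimal multipart body carrying one file part with the given filename."""
    head = (
        f"--{BOUNDARY}\r\n"
        f'Content-Disposition: form-data; name="upload"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{BOUNDARY}--\r\n".encode()
    return head + content + tail


_FILENAME_RE = re.compile(rb'Content-Disposition:[^\r\n]*filename="([^"\r\n]*)"', re.I)


def extract_filename(body: bytes) -> str:
    """Pull the client-supplied filename out of the first file part, untouched."""
    m = _FILENAME_RE.search(body)
    if not m:
        raise ValueError("no file part in request")
    return m.group(1).decode("utf-8", "replace")


def vulnerable_command(body: bytes) -> str:
    """Vulnerable pattern: the raw filename is spliced into a command string that a
    root-owned handler would hand to /bin/sh. Returned here, never executed, so the
    injected text can be inspected safely."""
    name = extract_filename(body)
    return (f"cp {UPLOAD_DIR}/{name} {PATCH_DIR}/ && "
            f"/opt/bin/apply_patch {PATCH_DIR}/{name}")   # apply_patch is hypothetical


# Conservative whitelist: must start alphanumeric, then only [A-Za-z0-9._-], max 128.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def hardened_argv(body: bytes) -> list:
    """Hardened form: drop any directory component (so ../ traversal is neutralised),
    accept only a conservative character set, and return an argv list to pass to
    subprocess.run(argv) so no shell ever parses the name."""
    name = os.path.basename(extract_filename(body).replace("\\", "/"))
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected filename: {name!r}")
    return ["cp", "--", os.path.join(UPLOAD_DIR, name), PATCH_DIR + "/"]


if __name__ == "__main__":
    evil = build_request_body("x.tar.gz; id > /tmp/pwned #")
    print("shell string the vulnerable handler would run:")
    print("  " + vulnerable_command(evil))
    try:
        hardened_argv(evil)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("hardened handler, benign name:", hardened_argv(build_request_body("hotfix_1234.tar.gz")))
```

The point the two handlers make is that the filename in a Content-Disposition header is attacker-controlled bytes like any other request field; the only reliable fixes are to never build a shell string from it and to reduce it to a basename against a whitelist before it touches the filesystem.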

CVE-2016-5840: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability

Mon, 25 Jul 2016 16:37:25 +0000

Version: TDA 2.6.1062r1
Summary: The hotfix_upload.cgi file contains a flaw allowing a user to execute commands under the context of the root user.
Details: The hotfix_upload.cgi file is used to upload files (hot fixes). Below is a sample of the upload function being used:

POST /cgi-bin/hotfix_upload.cgi?sID=hotfix_temp HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
[…]

Local File Disclosure

Thu, 02 Jun 2016 15:28:54 +0000

Those who know me are aware that I partake in bug bounty programs.  Today I’m giving you a brief post on a recent finding and the response/reward received after the submission. AlienVault had a swag based bug bounty posted, which appears to have gone offline as I can no longer find the page detailing the […]

Hack the Pentagon Top 10

Mon, 09 May 2016 16:30:51 +0000

Had to brag a little, because I’m a bit pleased with myself.  The first ever “Hack the Pentagon” bug bounty program kicked off mid-April (the 18th?).  I submitted several flaws within the first 24 hours after feeling I had fished out the easy shit.   At the time of the screenshot, I have 8 verified […]

An OSCP Review – The OSCP Epic Part 4 – Grand Finale

Sat, 12 Mar 2016 16:31:46 +0000

As of March 12th 2016 I am OSCP certified.  Writing that first sentence was VERY bittersweet.  I stopped doing the lab after the 4th month.  In all, I was putting in roughly 25 hours a week into the lab.  The last two week stint I purchased was a huge boon and pushed well in […]

An OSCP Review – The OSCP Epic Part 3

Tue, 27 Oct 2015 15:48:43 +0000

I just purchased my third month, and I have mixed feelings about doing so.  I have spent almost 6 weeks (minus 2 out of the 8 for selling my house and moving), averaging almost 20 hours per week.  At this point I have 25 machines fully rooted/system’d, including the ‘gimme’ msf box.  My goal was […]