-
XSS to RCE on open source PHP Helpdesk software
This blog post is about my findings in an open source web application modification named Mods for HESK MFH. The post details a journey from unauthenticated stored XSS to full blown RCE. I think these findings and the MFH app itself makes for good practice regarding Advanced Web Attacks and Exploitation (AWAE) course and Offensive Security Web Expert (OSWE) exam.
-
My OSWE experience
After completing OSCP, I needed more - and between OSCE and OSWE, I decided AWAE with an OSWE certification was the natural next step. This is a post about my experience, progress and result, but also some recommendations for the journey.