TheRealMoonman
I eat babies
- Sep 30, 2014
- 360
- 74
Hello, my name is Trae, I'm a software engineer/ethical hacker, although these titles are in no way official in any qualification, I have had substantial amounts of experience dealing with the pair, In the case for this application, I have been doing penetration testing for around 4 years. And no, I'm not some child with a booter.
I'm going to sum out my capabilities, into categories (e.g Web Application Exploitation and Remote Exploitation)
Web Application Exploitation
SQL Injection: I have extensive experience with finding vulnerabilities for SQLi, I am very familiar with some of the types of these attacks, such as 1st order sql injection and 2nd order sql injection, I however haven't looked too much into Lateral, but that is on my bucket list when i have time to research.
XSS: My experience with XSS is pretty average, but due to it being a very simple attack, I am very aware of the differences between Persistent XSS and Reflective, along with DOM-Based XSS.
Although XSS, can sometimes be not very harmful, people adding stuff like <script>alert('XSS')</script>, but a Persistent XSS, is a massive security issue for somebody like me, below is a hypothetical senario.
Remote Exploitation
Windows: Windows is probably the most prone operating system, to get a virus, there are thousands that are around, and protecting yourself from them all, is impossible to say the least, perfect example is Ms12-020, which is a Dos attack against Windows Server 2008 SP1 -SP2, lucky enough not the average scriptkiddie knew about this, especially ones you see lurking around on devbest.
My experience with exploiting windows machines, ranging from servers to personal computers, is quite good, their are many ways to exploit a machine remotely without requiring any social engineering, or personal knowledge of the people that run it, my way of helping people fix those problems, is pretty simple, sometimes costly, if you're running on an old version of windows e.g Windows Server 2003 or 2008 due to financial issues, It is practical to secure the Server as much as possible, but in the end of the day there is no computer impervious to attack.
Other skills
[-] + Testing web logins with bruteforce
[-] + Testing web protocols (ftp, ssh, mysql) against brute force and remote exploitation techniques
[-] + Social Engineering (Testing staff awareness)
[-] + Software Engineering
[-] + Reverse Engineering Experience (.Net Applications [Who can't decompile a .Net Application], C++ [Eh, Not that great, I use IDA])
My cost
F lol, the only requirement is that you endorse me on LinkedIn.
How to contact me
Pm me on devbest, or add me @
Tools i use.
I'm going to sum out my capabilities, into categories (e.g Web Application Exploitation and Remote Exploitation)
Web Application Exploitation
SQL Injection: I have extensive experience with finding vulnerabilities for SQLi, I am very familiar with some of the types of these attacks, such as 1st order sql injection and 2nd order sql injection, I however haven't looked too much into Lateral, but that is on my bucket list when i have time to research.
XSS: My experience with XSS is pretty average, but due to it being a very simple attack, I am very aware of the differences between Persistent XSS and Reflective, along with DOM-Based XSS.
Although XSS, can sometimes be not very harmful, people adding stuff like <script>alert('XSS')</script>, but a Persistent XSS, is a massive security issue for somebody like me, below is a hypothetical senario.
If i were the attacker, and i saw a persistent XSS vulnerability, what i would do is change over to Kali Linux, setup a beef server, and basically insert a script, that calls back to my beef server, and hooks every user's browser that views the page that has the malicious code, and that gives me access to exploit through their browser, or do simple things like Session Hijack, the opportunities are almost limitless.
Remote Exploitation
Windows: Windows is probably the most prone operating system, to get a virus, there are thousands that are around, and protecting yourself from them all, is impossible to say the least, perfect example is Ms12-020, which is a Dos attack against Windows Server 2008 SP1 -SP2, lucky enough not the average scriptkiddie knew about this, especially ones you see lurking around on devbest.
My experience with exploiting windows machines, ranging from servers to personal computers, is quite good, their are many ways to exploit a machine remotely without requiring any social engineering, or personal knowledge of the people that run it, my way of helping people fix those problems, is pretty simple, sometimes costly, if you're running on an old version of windows e.g Windows Server 2003 or 2008 due to financial issues, It is practical to secure the Server as much as possible, but in the end of the day there is no computer impervious to attack.
Other skills
[-] + Testing web logins with bruteforce
[-] + Testing web protocols (ftp, ssh, mysql) against brute force and remote exploitation techniques
[-] + Social Engineering (Testing staff awareness)
[-] + Software Engineering
[-] + Reverse Engineering Experience (.Net Applications [Who can't decompile a .Net Application], C++ [Eh, Not that great, I use IDA])
My cost
F lol, the only requirement is that you endorse me on LinkedIn.
How to contact me
Pm me on devbest, or add me @
You must be registered for see links
Tools i use.
- Kali Linux 2.0
- My Hands
- SQLMAP
- Metasploit Framework
- IDA Pro (For reverse engineering)
- nmap, zenmap
Last edited: