Security Consultant
<blockquote data-quote="TheRealMoonman" data-source="post: 406646" data-attributes="member: 52707"><p>Hello, my name is <strong>Trae</strong>, I'm a software engineer/ethical hacker, although these titles are in no way official <img src="/styles/default/xenforo/smilies/emojione/biggrin.png" class="smilie" loading="lazy" alt=":D" title="Big Grin :D" data-shortname=":D" /> in any qualification, I have had substantial amounts of experience dealing with the pair. In the case for this application, I have been doing penetration testing for around 4 years. And no, I'm not some child with a booter.</p><p></p><p>I'm going to sum up my capabilities, into categories (e.g. Web Application Exploitation and Remote Exploitation)</p><p></p><p><span style="font-size: 22px">Web Application Exploitation</span></p><p><span style="font-size: 15px"><strong>SQL Injection: </strong>I have extensive experience with finding vulnerabilities for SQLi, I am very familiar with some of the types of these attacks, such as 1st order SQL injection and 2nd order SQL injection, I however haven't looked too much into Lateral, but that is on my bucket list when I have time to research.</span></p><p><span style="font-size: 15px"></span></p><p><span style="font-size: 15px"><strong>XSS: </strong>My experience with XSS is pretty average, but due to it being a very simple attack, I am very aware of the differences between Persistent XSS and Reflective, along with DOM-Based XSS.</span></p><p><span style="font-size: 15px">Although XSS, can sometimes be not very harmful, people adding stuff like &lt;script&gt;alert('XSS')&lt;/script&gt;, but a Persistent XSS, is a massive security issue for somebody like me, below is a hypothetical scenario.</span></p><p><span style="font-size: 15px"></span></p><p><span style="font-size: 15px">[SPOILER="Scenario"]</span></p><p><span style="font-size: 15px">If I were the attacker, and I saw a persistent XSS vulnerability, what I would do is change over to Kali Linux, set up a BeEF server, and 
basically insert a script, that calls back to my BeEF server, and hooks every user's browser that views the page that has the malicious code, and that gives me access to exploit through their browser, or do simple things like Session Hijack, the opportunities are almost limitless.</span></p><p><span style="font-size: 15px">[/SPOILER]</span></p><p><span style="font-size: 15px"></span></p><p><span style="font-size: 22px">Remote Exploitation</span></p><p><span style="font-size: 15px">Windows: Windows is probably the most prone operating system, to get a virus, there are thousands that are around, and protecting yourself from them all, is impossible to say the least, perfect example is MS12-020, which is a DoS attack against Windows Server 2008 SP1 -SP2, lucky enough not the average scriptkiddie knew about this, especially ones you see lurking around on devbest.</span></p><p><span style="font-size: 15px">My experience with exploiting Windows machines, ranging from servers to personal computers, is quite good, there are many ways to exploit a machine remotely without requiring any social engineering, or personal knowledge of the people that run it, my way of helping people fix those problems, is pretty simple, sometimes costly, if you're running on an old version of Windows e.g. Windows Server 2003 or 2008 due to financial issues, it is practical to secure the Server as much as possible, but in the end of the day there is no computer impervious to attack.</span></p><p></p><p><span style="font-size: 22px">Other skills</span></p><p><span style="font-size: 15px">[-] + Testing web logins with bruteforce</span></p><p><span style="font-size: 15px">[-] + Testing web protocols (ftp, ssh, mysql) against brute force and remote exploitation techniques</span></p><p><span style="font-size: 15px">[-] + Social Engineering (Testing staff awareness)</span></p><p><span style="font-size: 15px">[-] + Software Engineering</span></p><p><span style="font-size: 15px">[-] + Reverse Engineering 
Experience (.Net Applications [Who can't decompile a .Net Application], C++ [Eh, Not that great, I use IDA])</span></p><p></p><p><span style="font-size: 22px">My cost</span></p><p><strong><span style="font-size: 18px">FREE </span></strong><span style="font-size: 15px">lol, the only requirement is that you endorse me on LinkedIn.</span></p><p><span style="font-size: 15px"></span></p><p><span style="font-size: 22px">How to contact me</span></p><p><span style="font-size: 15px">PM me on devbest, or add me @ <a href="https://www.facebook.com/Traejb" target="_blank">fb/traejb</a></span></p><p><span style="font-size: 15px"></span></p><p><span style="font-size: 22px">Tools I use.</span></p><ol> <li data-xf-list-type="ol">Kali Linux 2.0</li> <li data-xf-list-type="ol">My Hands</li> <li data-xf-list-type="ol">SQLMAP</li> <li data-xf-list-type="ol">Metasploit Framework</li> <li data-xf-list-type="ol">IDA Pro (For reverse engineering)</li> <li data-xf-list-type="ol">nmap, zenmap</li> </ol></blockquote><p></p>