Nessus Pro is a great vulnerability scanner but analysing results quickly becomes unwieldy once you have more than a couple of scheduled scans or a large scan space. So I wrote a tool to export Nessus results using the API into a relational database. https://github.com/eddiez9/nessus-database-export EER…

This is one of those projects where I never stopped to ask why. But just in case you also want a vacuum cleaner that can double as a Spotify Connect speaker, I can help point you in the right direction. First, the end result: This requires very little technical ability…

In a recent penetration test I came across a novel technique to transfer files into restrictive VDI environments where all conventional ways of transferring files had been disabled. It's not rocket science but I thought it was interesting enough to warrant a brief write-up. TLDR; Base64 encode the file -&…

Throughout Offensive Security's CTP course you may find yourself wanting to build your own home lab with old Windows VMs. I found it difficult to locate Windows ISOs that were both untouched and of the exact version I wanted. This is a method I found to be effective. Identify the…

I'm currently doing a SANS OnDemand course. Although the content has been very informative and practical, SANS doesn't provide students a way to retain any of the course videos for future reference. MP3 recordings, slides and physical course materials are all that's provided. It's possible to go through the whole…