Tyler Ramsbey on LinkedIn: XXE Injection - Detailed Walkthrough - (TryHackMe!) (2024)

Tyler Ramsbey

Penetration Tester | Content Creator | Mentor

In this video, I work through the new "XXE Injection" room on TryHackMe! We get hands-on practice with identifying, exploiting, and preventing XML External Entity (XXE) attacks. I also showcase the full room with Caido. Caido is a web proxy/security tool built in Rust! https://lnkd.in/gvADWGuW

XXE Injection - Detailed Walkthrough - (TryHackMe!)

Manuel R.

Software Engineer/ Aspiring Cybersecurity Student/Veteran/Mental Health Advocate/Blockchain.(Clearance eligible).

2d

Very informative

More Relevant Posts

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    My plan for this live stream was to work through a TryHackMe room but it turned into an impromptu Q&A because the community had some great questions. We talk about everything from mental health & careers to content creation & the YouTube algorithm (and a lot more!) Enjoy! https://lnkd.in/gQFv9eXj

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    Late Night TryHackMe & AMA

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    TryHackMe & AMA -- LIVE!

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    In this video I work through the brand new "Include" challenge machine on TryHackMe. I demonstrate how to perform proper enumeration which leads to SSRF and eventually LFI to complete the challenge. I also use Caido for the full process and show off the power of Caido's "Automate" feature when fuzzing for LFI. Enjoy! https://lnkd.in/eYizF44z

    Include - Detailed Walkthrough - (TryHackMe!)

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    Hacking After Midnight!

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    Friday Night Hacking & AMA

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    Almost 2 years ago I started my first pentest job at Rhino Security Labs, Inc. They were the only firm that took a chance on me; I had no pentest experience outside of random labs. I started as a Junior Pentester and only performed web app pentesting but was promoted to a Career/Mid-Level Pentester after a year. I also expanded my assessment types and perform all the following:

    - Web Apps/APIs
    - Internal Networks
    - External Networks
    - Mobile Apps (iOS & Android)
    - Cloud (AWS & Azure)
    - Social Engineering

    I've discovered 9 CVEs, released multiple research blog posts, contributed to CloudGoat, Pacu, and various other open-source software. Rhino is an amazing place to work and the best pentesting firm around (I might be a little biased, but it's true 😁). The best is yet to come and the only way I'm leaving Rhino is if they force me to 😅

    If anyone is interested in getting connected with the Rhino crew, you can join us on our Discord - https://lnkd.in/geVnktpi

    A big thank you to Benjamin Caudill, Tory Fisher, and the entire team at Rhino for taking a chance on me!

  • Tyler Ramsbey

    Penetration Tester | Content Creator | Mentor

    In this video, I walk through how to set up phishing infrastructure for a red team engagement. I cover all the following:

    - Finding & purchasing phishing domains
    - Setting up a public C2 server
    - Installing Evilginx2 on the public server
    - Configuring DNS and TLS for the phishing domain
    - Setting up an O365 reverse-proxy on the domain to steal credentials
    - Using ChatGPT to design phishing emails

    Hacking is a super power that can be used for good or evil. This content is being shared for educational purposes. Only use this material for ethical hacking with full consent from the target organization; everything else is illegal and you WILL get caught. (A big shout out to Pwned Labs for the excellent lab on Evilginx2 I used as a basis for this!)

    How To Create REAL Phishing Infrastructure
