Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
In this video, I work through the new "XXE Injection" room on TryHackMe! We get hands-on practice with identifying, exploiting, and preventing XML External Entity (XXE) attacks. I also showcase the full room with Caido. Caido is a web proxy/security tool built in Rust!https://lnkd.in/gvADWGuW
https://www.youtube.com/
28
1 Comment
Manuel R.
Software Engineer/ Aspiring Cybersecurity Student/Veteran/Mental Health Advocate/Blockchain.(Clearance eligible).
2d
- Report this comment
Very informative
1Reaction
To view or add a comment, sign in
More Relevant Posts
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
Late Night Hacking & AMA!
15
14 Comments
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
My plan for this live stream was to work through a TryHackMe room but it turned into an impromptu Q&A because the community had some great questions. We talk about everything from mental health & careers to content creation & the YouTube algorithm (and a lot more!) Enjoy!https://lnkd.in/gQFv9eXj
https://www.youtube.com/
24
2 Comments
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
Late Night TryHackMe & AMA
20
5 Comments
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
TryHackMe & AMA -- LIVE!
10
1 Comment
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
In this video I work through the brand new "Include" challenge machine on TryHackMe. I demonstrate how to perform proper enumeration which leads to SSRF and eventually LFI to complete the challenge. I also use Caido for the full process and show off the power of Caido's "Automate" feature when fuzzing for LFI. Enjoy!https://lnkd.in/eYizF44z
Include - Detailed Walkthrough - (TryHackMe!) https://www.youtube.com/
22
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
Hacking After Midnight!
9
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
Friday Night Hacking & AMA
8
1 Comment
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
Almost 2 years ago I started my first pentest job at Rhino Security Labs, Inc. They were the only firm that took a chance on me; I had no pentest experience outside of random labs. I started as a Junior Pentester and only performed web app pentesting but was promoted to a Career/Mid-Level Pentester after a year. I also expanded my assessment types and perform all the following:- Web Apps/APIs- Internal Networks- External Networks- Mobile Apps (iOS & Android) - Cloud (AWS & Azure) - Social EngineeringI've discovered 9 CVEs, released multiple research blog posts, contributed to CloudGoat, Pacu, and various other open-source software. Rhino is an amazing place to work and the best pentesting firm around (I might be a little bias, but it's true đ). The best is yet to come and the only way I'm leaving Rhino is if they force me to đ If anyone is interested in getting connected with the Rhino crew, you can join us on our Discord - https://lnkd.in/geVnktpi A big thank you to Benjamin Caudill, Tory Fisher, and the entire team at Rhino for taking a chance on me!
219
13 Comments
Like CommentTo view or add a comment, sign in
-
Tyler Ramsbey
Penetration Tester | Content Creator | Mentor
- Report this post
In this video, I walk through how to set up phishing infrastructure for a red team engagement. I cover all the following:- Finding & purchasing phishing domains- Setting up a public C2 server - Installing Evilginx2 on the public server - Configuring DNS and TLS for the phishing domain- Setting up an O365 reverse-proxy on the domain to steal credentials - Using ChatGPT to design phishing emails Hacking is a super power that can be used for good or evil. This content is being shared for educational purposes. Only use this material for ethical hacking with full consent from the target organization; everything else is illegal and you WILL get caught. (A big shout out to Pwned Labs for the excellent lab on Evilginx2 I used as a basis for this!)
How To Create REAL Phishing Infrastructure https://www.youtube.com/
197
3 Comments
Like CommentTo view or add a comment, sign in
18,801 followers
- 883 Posts
View Profile
Follow