This post covers all aspects of the DVWA File Upload Low Security. We will use a basic browser to upload a reverse shell, and demonstrate the same with curl to upload a revshell. The Blue Team dete...

This post covers the Blue Team perspective of the DVWA File Inclusion on Low Security. Using the Elastic SIEM to detect the File Inclusion (RFI/LFI) attempts on the server. The Purple Team section ...

In today’s post we will cover all Red Team aspects of File Inclusion (RFI/LFI) on Low Security in the DVWA. How the vulnerability arises, how we can exploit it with a basic browser, ffuf, Burp Suit...

This post covers DVWA Cross-Site Request Forgery on Low Security, how we can steal the cookies from a Firefox browser session on Linux. The Blue Team section covers how we can detect this activity ...

In today’s post we will cover how to do DVWA command injection on low sec. The initial attack will be via a basic browser session, moving on to doing it with curl and finally ffuf to find injectabl...

This post we cover all aspects of how to brute force the DVWA on Low Sec. We will “login” with Hydra, ffuf, and ZAP. In the Blue Team section I demonstrate how to detect this activity with the Elas...

Moving to a more advanced topic; this post will demonstrate how to use Nuclei templates to emulate adversarial behaviour. We will use the alerts generated by Nuclei to test our Elastic SIEM rules. ...

This post demonstrates how to recon the DVWA. The Blue Team section demonstrates how to use the Elastic SIEM to detect the activity. The Tartarus Lab Vagrant file we will bring up the whole infrast...

Note This will only bring up Red Team related guests, if you want to participate in the Blue Team / SIEM aspects you’ll need the start the Blue Team Tartarus Lab, guide located here. Video Conve...

Note This will bring up both Red and Blue Team related guests, if you only want Red Team related guests use that version located here. Video Conventions Commands for you to execute are encapsula...