Memorable Client Findings

  • Got RCE on a client website through upload of an aspx webshell in their logo upload functionality :gem:
  • Broke into a fast-food kiosk with my manager :closed_lock_with_key:
  • My 90’s hacker story of course :fire:
  • Did my first (unsuccessful) social engineering gig with my manager for a major data centre :performing_arts:

Second Business Trip

One of my last few engagements with Pure Security was an on-site test with my manager for a critical infrastructure company in Canberra, which involved:

  • Internal Infrastructure testing of the SCADA network

    • My manager found some creds just by dumping LSASS :)
    • The client was told to implement Credential Guard afterwards
  • Segmentation testing between the corporate AD and the SCADA AD network

    • Quite cool as it involves mass nmap scans and firewall configuration reviews



It was a learning experience nonetheless:

  • Transport was covered as my manager drove down :car:
  • The hotel was kind of meh… felt like a mashup between a dorm room and a hotel
  • Breakfast was paid for (and thank fuck for that) as it was expensive
  • Got a daily allowance of $100 per working day
  • Was a five-day trip
  • As it was nearing summer, there were 30+ degree days :sun_with_face:

Work Changes

I resigned from Pure Security with my last day in late December :christmas_tree:
Then starting with Privasec early January ~

I really enjoyed the wide variety of client work and engagements, as well as being able to have my OSCP training sponsored by the company.