Deauth Yourself: How to Build a Deauthenticator

Estimated difficulty:  💜🤍🤍🤍 🤍 Welcome to the wonderful world of hardware. This blog post is a walkthrough of how to build a deauthenticator; a pocket-sized tool that you can create to kick a device off of a network (especially good to know for April fools, or if you just want to have some fun with …

Light ’em Up: An Introduction to LiDAR

Estimated difficulty:  💜💜🤍🤍🤍 It’s been a while since I’ve written about zoom hax, if you’re new to Security Queens – you can find my last blog post on hacking cars via. the Control Area Network (CAN) here. Instead of focusing on physical CAN bus hacking, this blog post will do a quick rundown of LiDAR …

There Ain’t No Party Like an EC2 Party: Creating Your Website

Estimated difficulty:  💜💜 🤍 🤍🤍 So you have decided to host a website on your EC2 instance? Samesies! If you still aren’t sure where to start with hosting, then check out my previous post. When it comes to creating a website, there is a shopping list of things that you will need to set up, …

Tickets Please: Kerberoasting 101

Estimated difficulty: 💜💜💜💜🤍 So as my own personal learning journey into the land of mad hax, I thought I would document something Windows-y for a change (something completely out of my comfort zone…). This is the blog no-one necessarily asked for, but I feel would be hugely beneficial to those new to professional pentesting – …

There Ain’t No Party Like an EC2 Party: Securing Your AWS Instance

Estimated difficulty:  💜💜 🤍 🤍🤍 In this post, we are slightly diverging from the original MOBster series and taking a look at Amazon Web Services (AWS). This is the first of two posts that will walk you through hosting and building a simple website… Yes, the web dev bug has bitten me, all because I …

Drop it Like it’s Hot: SQLi 101

Estimated difficulty: 💜💜💜🤍🤍 Continuing our journey into the land of web hax, this week (as requested by the world of Twitter) we are covering SQL injection basics. What is SQL? SQL stands for Structured Query Language and is commonly used by various applications to interact with a database, usually submitting queries to retrieve specific information. …

MOBster4: Insecure Authentication

Estimated difficulty: 💜💜💜💜🤍 We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it to M4: Insecure Authentication! This post is going to delve into the world of how mobile apps can use weak authentication methods and how an …

Who Ya Gonna Call? DirBuster!

Estimated difficulty: 💜💜🤍🤍🤍 Need to bruteforce directory names on a web application? Or perhaps you need to find unlisted files on a web server? Who ya gonna call? DIRBUSTER! So first thing’s first, the boring pentesty theory bit before we do all the mad hax and walkthrough the basics of Dirbuster. Remember this neat little …

It’s All About Communication, Insecure Communication!

Estimated difficulty: 💜💜💜🤍🤍 Welcome back to another MOBster post! It’s part three of our OWASP Mobile Top 10 series and in this post, we are covering M3: Insecure Communication! The previous MOBster post covered M2: Insecure Data Storage, and you can check that out here. Like M2: Insecure Data Storage, this vulnerability is easy to …

Stressed Out, Burned Out, and a I Feel Like a Fake

I’ve always been a perfectionist. I’ve always striven to be the best version of me that I could be! When I started in university and my journey into cybersecurity, I pushed myself to stand out, be “perfect” and to do it with no mistakes. An impossible task, I realise now, but I kept pushing myself …