Route Zero: Security Tools, Tips & Recs

  • Proving Grounds Practice: Kyoto Walkthrough

    Today, we will walk through Kyoto, a Get to Work Windows machine on Proving Grounds Practice. (Although this machine is ranked as GTW, I would opine that this is wayyyy beyond OSCP-level, so if you found yourself struggling with this machine while prepping for OSCP, not to worry!) Walkthrough Port… Continue ⇢

  • Unlocking App Lock in iOS & iPadOS: A Cautionary Tale ft. Google Drive, Yahoo Mail, and Facebook Messenger

    If you have an iPhone or an iPad, you probably use App Lock dozens of times a day without even thinking about it. Want to install a new app from the App Store? Face ID. Need to check your Chase balance? Face ID. Making an Apple Pay purchase? Face ID.… Continue ⇢

  • Question of the Week: Identify Vulnerability in C# Source Code

    Welcome to Route Zero’s first Question of the Week! Each week, we will tackle a pressing or intriguing question related to cybersecurity, providing detailed explanations and insights that can help expand your understanding and skills. Whether you’re a beginner looking to learn more or an experienced professional seeking to stay… Continue ⇢

  • Proving Grounds Practice: CVE-2024-40453 Walkthrough

    Today we will go through CVE-2024-40453, an intermediate-level Proving Grounds Practice machine. Initial Observation To begin our assessment of the target server, we start by conducting an nmap scan to identify open ports and running services. This helps us map the initial attack surface and determine potential entry points for… Continue ⇢

  • File Transfer Techniques on Linux for Penetration Testers

    Transferring files effectively between your machine and a target system is an essential skill in penetration testing and red team engagements. Whether you’re working in client environments or competing in Capture The Flag (CTF) challenges, mastering these techniques can greatly enhance your efficiency. Below, I’ll outline various methods with detailed… Continue ⇢

  • Burp Suite Community vs. Professional in 2024: Is Pro Really Worth It?

    When it comes to web application testing, Burp Suite still reigns as the gold standard — its power, versatility, and capabilities continue to outshine even those of ZAP and Caido (though the latter shows promise — but we’ll discuss this in another post!). But with two different versions—Community and Professional—each… Continue ⇢

  • Protected: SUPER SECRET

    There is no excerpt because this is a protected post. Continue ⇢

  • Google Dork of the Week: Discovering Sensitive Documents Across Domains

    Welcome to this week’s Google Dork of the Week! In today’s post, we’ll explore a powerful Google dork that helps uncover potentially sensitive PDF documents on targeted domains. Dork Syntax Here’s the dork syntax we’ll use this week: Dork Breakdown Google Dork in Action: Hunting Apple Confidential Documents on Apple… Continue ⇢

  • Proving Grounds Practice: CVE-2024-27292 Walkthrough

    Today, we will walk through CVE-2024-27292, an Intermediate Linux machine on Proving Grounds Practice. We begin with an Nmap scan, which only reveals 2 ports: Browsing to the application, we identify that the docassemble application is running. We start looking for potential exploits and stumble upon this one: https://tantosec.com/blog/docassemble/ It… Continue ⇢