// Research, Writeups & CVE Advisories

SECURITY
RESEARCH

Vulnerability research, exploit writeups, red team methodologies, certification journeys, and CVE advisories by Brendon Teo.

// Pinned on Medium
Certification Nov 2022 Medium Article

OSCP — How I Tried Harder

A candid, no-holds-barred breakdown of the OSCP journey — the sleepless nights, the methodology that finally clicked, the 24-hour exam war stories, and the mindset shift that made all the difference. If you're preparing for OSCP, this is required reading.

OSCP Certification Offensive Security HTB
Read on Medium
exam-notes.txt 
# OSCP — 24hr exam strategy
# Enumerate. Always enumerate.

Phase 1: Auto-recon all targets
  nmap -sC -sV -oA initial {ip}
  autorecon {ip}

Phase 2: Manual enum per service
  # HTTP → gobuster, nikto, manual
  # SMB  → enum4linux, smbclient
  # RPC  → rpcclient -U ""

Phase 3: Exploit & PrivEsc
  # Windows: winPEAS, PowerUp
  # Linux:   linPEAS, sudo -l

Passed. 70+ points. Try harder.
CVE Research Sep 2024

CVE-2024-40125: File Upload → Full Admin RCE

How an unvalidated PHP file upload in CLESS Server v4.5.2's Media Manager became a CRITICAL 9.8 unauthenticated RCE granting full Windows administrative access.

CRITICAL 9.8 CWE-434
PoC →
Web VAPT Research

OAuth 2.0 Misconfigurations & API Attack Chains

Real-world OAuth flaws from live engagements — open redirects, token leakage, PKCE bypass, and chaining SSRF to internal service exploitation.

OAuth API
Medium →
Infra VAPT Research

Automating Infra VA: From Nessus to Client Report

How I built CIS-NessusToExcel to automate the most painful part of infrastructure assessments — generating clean, consistent reports from raw Nessus data.

Nessus Automation
GitHub →
Certifications Research

OSEP, OSWE & CRTO — The Advanced Cert Path

Lessons from the advanced offensive security certification grind — what separates OSEP from OSCP, and how CRTO fills the real-world red team gap.

OSEP OSWE CRTO
Medium →