https://ethanh.co.za/Recent content on EthanHHugo -- gohugo.ioenEthanHWed, 25 Mar 2026 00:00:00 +0000https://ethanh.co.za/cool-things/Wed, 25 Mar 2026 00:00:00 +0000https://ethanh.co.za/cool-things/A running list of things I think are worth knowing about, talks I’ve given, blog posts I’ve written and tools/solutions I’ve either developed or helped develop. Presentations [Presentation] BlackHat MEA — Persistence or Snake-oil: Re-achieving Persistent XSS [Presentation] BSides CapeTown 2025 — Persistence or Snake-oil: Re-achieving Persistent XSS [Presentation] BSides CapeTown 2024 — Breaking the Barrier: Exploring modern WAFs Blog Posts [Blog] Persistence or Snake-oil: Re-achieving Persistent XSS Part 1 — Part 1 of my XSS Persistence Research [Blog] Persistence or Snake-oil: Re-achieving Persistent XSS Part 2 — Part 2 of my XSS Persistence Research [Blog] Breaking the Barrier: Exploring modern WAFs — Moden WAF Bypass Research Tools & Resources [Solution] NoScope — The TryHackMe NoScope pentesting agent [Tool] BRAT — Browser remote access tool, C2 style tool but for XSShttps://ethanh.co.za/posts/persistence-or-snakeoil/Sat, 10 Jan 2026 15:10:34 +0000https://ethanh.co.za/posts/persistence-or-snakeoil/Boring old XSS During 2025 I was determined to understand what it meant to have persistence within a web environment. This led me down a massive rabbit hole… from navigation hooking to service worker attacks, I ventured forth. In the end, we managed not only to persist past navigation, but managed to persist our control over a victims browsing session even after browser close. I had the opportunity to present the research output at the following conferences:https://ethanh.co.za/posts/thm-noscope/Sat, 10 Jan 2026 15:10:34 +0000https://ethanh.co.za/posts/thm-noscope/Rise of the Pentest Agents I was fortunate enough to be apart of the NoScope pentesting agent early access development program backed by TryHackMe. Regardless of the potential controversy that was stirred up with the release of this solution, I hold firm that pentesting agents can improve the workflow of human pentesters if given direction, and can be used as a force for good to secure the world! I strongly believe in the potential NoScope has, having witnessed it first hand.https://ethanh.co.za/posts/breaking-the-barrier-p2/Tue, 10 Dec 2024 15:10:34 +0000https://ethanh.co.za/posts/breaking-the-barrier-p2/The Star Wars Sequel During Bsides Cape Town this year, I was fortunate enough to be a speaker there and had the opportunity to present the outcomes of my initial research that focused on web application firewalls and the modern state of WAFs. In the talk we took a look at a high level history of the evolution of WAFs as well as the growth of the techniques they use to detect and repel malicious behavior.https://ethanh.co.za/posts/breaking-the-barrier/Tue, 23 Jul 2024 23:30:00 +0600https://ethanh.co.za/posts/breaking-the-barrier/Cracking the Shield: WAF Bypass Techniques Unveiled Introduction Web Application Firewalls (WAFs) play a crucial role in safeguarding web applications by filtering and monitoring HTTP traffic between a web application and the internet. They are designed to protect against various web-based attacks, such as SQL injection, cross-site scripting (XSS), and other attacks. However, as with any security measure, WAFs are not infallible. The constant evolution of attack techniques means that even the most robust WAFs can be bypassed under certain conditions.https://ethanh.co.za/posts/exploiting-the-context/Tue, 23 Jul 2024 23:30:00 +0600https://ethanh.co.za/posts/exploiting-the-context/Exploiting the Complex: The WikiJs CSTI Vulnerability Preface In today’s tech landscape, integrating front-end and back-end technologies often necessitates complex systems. However, these intricate systems can also introduce new and exotic vulnerabilities. In this post, we’ll explore a case where a sophisticated yet complex system in the widely-used Wiki.js framework led to a critical 0-day vulnerability—CVE-2024-34710. Background Wiki.js is a powerful wiki framework built with Vue.js for the front end and Node.https://ethanh.co.za/about/Mon, 22 Jul 2024 00:00:00 +0000https://ethanh.co.za/about/Hi, I’m Ethan I work at MWRCybersec, where I specialise in application security (AppSec). When I’m not working, you’ll often find me with a book in hand, exploring various genres and topics. I also have a passion for pen testing open-source applications. By doing so, I aim to contribute to the greater open-source community, helping to improve the security and reliability of widely-used software. My commitment to continuous learning and community involvement drives me to stay updated with the latest trends and developments in cybersecurity.