Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection; this module automates that process.
I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.
A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam
This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarise the answers from and hopefully present at conferences and also summarise here on the site.
A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'What's in Amazon's buckets'
The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with a dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'What's in Amazon's buckets'
At BSides London I presented the findings from the Breaking in to Security survey; here are my slides and a link to the data collected so far.
Burp Intruder has four different attack modes; this post shows the differences between those four modes.
Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.
Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days, I've plucked out a couple of interesting stats from the responses and posted them to whet your appetite.
Google Profile scraping can be used as part of recon work to gather staff lists; this script automates that process.