DigiNinja

An idea for a report writing competition

12 November 2020 at 12:00
A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.

Pipal is a password analysis tool

12 November 2020 at 12:00
Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lengths to the character types to the words that other words are based on.

A Metasploit module for enumerating directories and files through MySQL

12 November 2020 at 12:00
Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection; this module automates that process.

Analysing Mobile Me

12 November 2020 at 12:00
Analysis of the content I found when trawling Mobile Me accounts looking for public information.

DNS reconnaissance against wildcard domains

12 November 2020 at 12:00
I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.

Wifi Honey

12 November 2020 at 12:00
Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.

How I found the CHECK Team Leader Web Application exam

12 November 2020 at 12:00
A write-up on my experiences taking, and passing, the CHECK Team Leader Web App Exam.

Ever wanted to ask, or help answer the question, how do I get started in security?

12 November 2020 at 12:00
This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site.

A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'

12 November 2020 at 12:00
The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with a dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets'.

My slides for my BSides London talk on Breaking in to Security

12 November 2020 at 12:00
At BSides London I presented the findings from the Breaking in to Security survey. Here are my slides and a link to the data collected so far.

A description of the different attack modes in Burp Intruder

12 November 2020 at 12:00
Burp Intruder has four different attack modes; this post shows the differences between those four modes.

A domain set up to help teach and explain DNS zone transfers.

12 November 2020 at 12:00
Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.

A set of interim results from my survey, how do I get started in security?

12 November 2020 at 12:00
Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days, I've plucked out a couple of interesting stats from the responses and posted them to whet your appetite.

A tool to brute force bucket names from Amazon S3

12 November 2020 at 12:00
This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found.

An update to my script to mine data out of Google Profiles

12 November 2020 at 12:00
Google Profile scraping can be used as part of recon work to gather staff lists; this script automates that process.

A tool to brute force user accounts on Mobile Me

12 November 2020 at 12:00
This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found.

Mobile Me Madness

12 November 2020 at 12:00
A brief description of how Mobile Me allows access to its file listings and how to interpret them.