A brief description of how Mobile Me allows access to its file listings and how to interpret them.

This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found.

Google Profile scraping can be used a part of recon work to gather staff lists, this script automates that process

This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found.

Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days I've plucked out a couple of interesting stats from the responses and posted them to whet your appitite.

Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.

Burp Intruder has four different attack modes, this post shows the differences between those four modes.

At BSides London I presented the findings from the Breaking in to Security survey, here are my slides and a link to the data collected so far.

The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets'

This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site.

A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam

Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.

I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.

Analysis of the content I found when trawling Mobile Me accounts looking for public information.

Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection, this module automates that process.

Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lenghts to the character types to the words that other words are based on.

A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.

A custom wordlist generator that creates permutations of all the input words as well as just manipulating them individually

Pipal analysis of a password dump from a dating site.

Pipal analysis of 1800 passwords dumped from Minecraft

Pipal analysis of 13,000 passwords from the Lizard Squad dump.

Pipal analysis of of a password dump from the Neofriends dating site.

A short howto on removing the obfuscation added to non-default passwords by Nessus.

A write up of my recent experiences of getting clients involved during testing.

A short guide to exploiting POST based reflected XSS using CSRF and iframes.

Trying to understand why the EE web portal doesn't have a password change feature.

Asking the question, when it is acceptable to miss a vulnerability on a test.

I've spent the day testing an app which disables the right click context menu, this makes testing tricky so I found a one liner which I could drop into the browser console to re-enable it for me.

Here is a little trick I just learned about to help prevent things like API keys from ending up in your Git repo. I've mentioned it to a few Git loving developers who all claimed that it is obvious and that loads of people are already using it, but, as we regularly see keys in GitHub, I'd guess that its a case of what people know they should be doing verses what they are actually doing. The trick uses Git hooks to catch content pre-commit and block anything that it thinks is suspicious.