A brief description of how to crack Flask session cookies and an introduction to the Cracked Flask Lab.

The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen.

Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.

A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.

Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lenghts to the character types to the words that other words are based on.

Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection, this module automates that process.

Analysis of the content I found when trawling Mobile Me accounts looking for public information.

I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.

Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.

A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam

This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site.

The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets'

At BSides London I presented the findings from the Breaking in to Security survey, here are my slides and a link to the data collected so far.

Burp Intruder has four different attack modes, this post shows the differences between those four modes.

Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.

Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days I've plucked out a couple of interesting stats from the responses and posted them to whet your appitite.

This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found.

Google Profile scraping can be used a part of recon work to gather staff lists, this script automates that process

This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found.