RSS Security

DigiNinja

Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.

12 November 2020 at 12:00

The start of the PenTester Scripting project

12 November 2020 at 12:00
How I got involved in yet another new project, this time the PenTester Scripting community wiki

Accidentally Sharing CrashPlan Data

12 November 2020 at 12:00
A story of how Christmas generosity in sharing his backup plan resulted in a friend's files being accessible by all his family.

Asking the question, when it is acceptable to miss a vulnerability on a test.

12 November 2020 at 12:00

A review of the Corelan Live Win32 Exploit Dev Bootcamp

12 November 2020 at 12:00
I've just got back from BruCON 2012 where I started the week with the Corelan Live - Win32 Exploit Development Bootcamp. A lot of people asked about the course and what it covered so I've put this together.

New tool, Sitediff

12 November 2020 at 12:00
Imagine the scenario, you are testing a site running an open source package but not sure what version and need to find out. The site does not include any helpful comments in the HTML and there is no README file. The package isn't a popular one so none of the regular fingerprinting apps recognise it, what can you do? Call in Sitediff, it takes a local directory of files and then requests each of them from the target site and reports back on what it finds.

A custom wordlist generator with a twist.

12 November 2020 at 12:00
A custom wordlist generator that creates permutations of all the input words as well as just manipulating them individually.

Blindly Installing VMs and Using Live CDs

12 November 2020 at 12:00
Do you know what the VM or live CD you have just downloaded really contains and if you don't, how do you find out?

HTTP Banner Grabbing Beyond The Root

12 November 2020 at 12:00
HTTP Banner grabbing beyond the root, where do you do your web banner grabbing?

A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup.

12 November 2020 at 12:00

The results of a small experiment to see what my heart rate was like during my SANS instructor murder board.

12 November 2020 at 12:00

Building a lab with ModSecurity and DVWA.

12 November 2020 at 12:00
I've been meaning to build a ModSecurity lab for a while and seeing as I had some free time I decided it was about time to do it and to document it for everyone to share. The lab I built uses an up-to-date version of ModSecurity with a rule set taken from the SpiderLabs github repo and, so there is something to attack, I've included DVWA.

An offer to take some friends running during SteelCon 2019.

12 November 2020 at 12:00

My AP Collection

12 November 2020 at 12:00
I'm going to be doing some AP testing and this is a small part of the collection.

The second part of my introduction to using ZAP to test WebSockets, this part focuses on fuzzing.

12 November 2020 at 12:00
The following article is part two of my introduction to ZAP and testing WebSockets, in this episode I'll cover fuzzing. If you've not used ZAP before I suggest you look at some of the official tutorials first - ZAP home page, Videos. You can find my first part here OWASP ZAP and Web Sockets. The testing is being done against a small WebSockets based app I wrote called SocketToMe which has a few published services along with a few unpublished ones. In this article we are going to look at one of the published ones and try to identify some of the unpublished ones. The first feature I'll investigate is the number guessing game. Here the system picks a random number between 1 and 100 and you have to guess it. I'm going to cheat and see if I can get ZAP to play all 100 numbers for me to go for a quick win.

Cool new Micro SD reader

12 November 2020 at 12:00
This Micro SD reader is so small it is only just larger than the USB connector it is built on

This scan result beats any I've seen from Nessus, Nikto or Nmap

12 November 2020 at 12:00
This scan result beats any I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy!