Mobile Me Madness

A brief description of how Mobile Me allows access to its file listings and how to interpret them.

A domain set up to help teach and explain DNS zone transfers.

Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.

Wifi Honey

Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.

DNS reconnaissance against wildcard domains

I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.

Analysing Mobile Me

Analysis of the content I found when trawling Mobile Me accounts looking for public information.

Pipal is a password analysis tool

Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lengths to the character types to the words that other words are based on.

An idea for a report writing competition

A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.

Here is a little trick I just learned about to help prevent things like API keys from ending up in your Git repo. I've mentioned it to a few Git-loving developers who all claimed that it is obvious and that loads of people are already using it, but, as we regularly see keys in GitHub, I'd guess that it's a case of what people know they should be doing versus what they are actually doing. The trick uses Git hooks to catch content pre-commit and block anything that it thinks is suspicious.