DigiNinja

Whats in Amazon's buckets?

By: DigiNinja
The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further.

Mobile Me Madness

By: DigiNinja
A brief description of how Mobile Me allows access to its file listings and how to interpret them.

A tool to brute force user accounts on Mobile Me

By: DigiNinja
This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found.

An update to my script to mine data out of Google Profiles

By: DigiNinja
Google Profile scraping can be used as part of recon work to gather staff lists; this script automates that process.

A tool to brute force bucket names from Amazon S3

By: DigiNinja
This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found.

A set of interim results from my survey, how do I get started in security?

By: DigiNinja
Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days I've plucked out a couple of interesting stats from the responses and posted them to whet your appetite.

A domain set up to help teach and explain DNS zone transfers.

By: DigiNinja
Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.

A description of the different attack modes in Burp Intruder

By: DigiNinja
Burp Intruder has four different attack modes; this post shows the differences between those four modes.

My slides for my BSides London talk on Breaking in to Security

By: DigiNinja
At BSides London I presented the findings from the Breaking in to Security survey, here are my slides and a link to the data collected so far.

A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'

By: DigiNinja
The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with a dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets'.

Ever wanted to ask, or help answer the question, how do I get started in security?

By: DigiNinja
This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site.

How I found the CHECK Team Leader Web Application exam

By: DigiNinja
A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam

Wifi Honey

By: DigiNinja
Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.

DNS reconnaissance against wildcard domains

By: DigiNinja
I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.

Analysing Mobile Me

By: DigiNinja
Analysis of the content I found when trawling Mobile Me accounts looking for public information.

A Metasploit module for enumerating directories and files through MySQL

By: DigiNinja
Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection, this module automates that process.

Pipal is a password analysis tool

By: DigiNinja
Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lengths to the character types to the words that other words are based on.

An idea for a report writing competition

By: DigiNinja
A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.

Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.

By: DigiNinja
Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.