✇ DigiNinja

What's in Amazon's buckets?

By: DigiNinja —
The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further.
✇ DigiNinja

Using decompression to avoid filters

By: DigiNinja —
Using decompression to avoid filters - Decompressing data to get it past filters such as IDS.
✇ DigiNinja

Analysing Amazon's Buckets

By: DigiNinja —
Analysis of the content I found when trawling Amazon's buckets looking for public information.
✇ DigiNinja

Abusing a DDNS service to find IP cameras around the world.

By: DigiNinja —
When I bought an IP camera to watch my daughter's cot I didn't expect to end up writing tools to find others around the world; I also didn't expect it to be so poorly secured.
✇ DigiNinja

A story about Hakin9, the kings of spam

By: DigiNinja —
About once a fortnight I get a request to write an article for Hakin9 or one of its sister publications; this article details my attempts to stop this spam.
✇ DigiNinja

Overriding the JavaScript alert function to find a hidden XSS.

By: DigiNinja —
A story of how I tracked down a Cross-Site Scripting issue by overriding the built-in alert function to trigger a breakpoint.
✇ DigiNinja

An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.

By: DigiNinja —
File Disclosure Browser, an application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.
✇ DigiNinja

Do you include steps to reproduce vulnerabilities in your security reports? In this post I think about how to do this.

By: DigiNinja —
Three times in the past few months I've been asked by clients to retest previous findings to see if they have been successfully fixed. One of the reports I was given was one I'd written; the other two were by other testers. For my report I couldn't remember anything about the test. Reading the report gave me some clues, but I was really lucky and found that I'd left myself a test harness in the client's folder, fully set up to test the vulnerability. One of the other two was testing for a vulnerability I'd never heard of and couldn't find anything about on Google. I finally tracked down the original tester, and it turns out there is a simple tool which tests for the issue; one command line script later, the retest was over. The final issue was one that I knew about, but it had a really good write-up that, even if I'd not heard of it, had a full walk-through on how to reproduce the test.
✇ DigiNinja

A worked example of setting up domain fronting with Cloudfront.

By: DigiNinja —
This post accompanies the post A 101 on Domain Fronting, and in it we are going to set up both a site to use for domain fronting and then a fronted site.
✇ DigiNinja

I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question.

By: DigiNinja —
I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question.
✇ DigiNinja

Karma comes into the modern age with patches for hostapd.

By: DigiNinja —
Karma was originally written for Madwifi, and I then updated it to work with Madwifi-ng. This update adds the same functionality to hostapd.
✇ DigiNinja

Using Google Analytics tracking codes to find relationships between domains.

By: DigiNinja —
When doing reconnaissance on clients it is often useful to try to identify other websites or companies who are related to your target. One way to do this is to look at who is managing the Google Analytics traffic for them and then find who else they manage. There are a few online services which do this, probably the best known being ewhois, but whenever you use someone else's resources you are at their mercy over things like accuracy of the data and coverage; if you are working for a small client who hasn't been scanned by them, you won't get any results. This is where my tracker tracking tool comes in. The tool is in two parts: the first uses the power of the nmap engine to scan all the domains you are interested in and pull back tracking codes, which are then output in the standard nmap format along with the page title. I've then written a second script which takes the output and generates a grouped and sorted CSV file which you can then analyse.
✇ DigiNinja

Enumerating shares on the SpiderOak network.

By: DigiNinja —
Spidering SpiderOak - By looking at the differences between responses it is possible to enumerate valid account names and then shares on the SpiderOak network. This post covers how I researched this, the findings, and how it could be fixed.
✇ DigiNinja

Calc IP Range

By: DigiNinja —
Given an IP address, calculate the top and bottom of its available subnet range.
✇ DigiNinja

A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.

By: DigiNinja —
A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.
✇ DigiNinja

Some research on how to hide commands from the bash history.

By: DigiNinja —
Have you ever logged in to a box, started running commands, and then remembered that the bash history will be logging everything you run? I've done it occasionally, so I thought I should do some research on what the options are. This post covers what I came up with; please get in touch if you have any other ideas.
✇ DigiNinja

A little trick to extract stored FTP details

By: DigiNinja —
A little trick to extract stored FTP details by setting up a fake server then capturing the clear text.
✇ DigiNinja

I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through, see JWT None Authentication Lab.

By: DigiNinja —
I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through, see JWT None Authentication Lab.
✇ DigiNinja

Metasploit DNS MiTM and DHCP Exhaustion modules

By: DigiNinja —
Two new beta Metasploit modules, one for DNS MiTM and one for DHCP Exhaustion attacks.