RSS Security

DigiNinja

I want my blog to reach as wide an audience as possible and to help with that, I'm asking for my readers to make suggestions for changes which will help make the site more accessible.

By: DigiNinja
Tiger Scheme Check Team Member Exam

By: DigiNinja
A review of the Check Team Member exam.
The start of the PenTester Scripting project

By: DigiNinja
How I got involved in yet another new project, this time the PenTester Scripting community wiki.
Accidentally Sharing CrashPlan Data

By: DigiNinja
A story of how Christmas generosity in sharing his backup plan resulted in a friend's files being accessible to all his family.
Asking the question: when is it acceptable to miss a vulnerability on a test?

By: DigiNinja
A review of the Corelan Live Win32 Exploit Dev Bootcamp

By: DigiNinja
I've just got back from BruCON 2012, where I started the week with the Corelan Live Win32 Exploit Development Bootcamp. A lot of people asked about the course and what it covered, so I've put this together.
New tool, Sitediff

By: DigiNinja
Imagine the scenario: you are testing a site running an open source package but are not sure what version and need to find out. The site does not include any helpful comments in the HTML and there is no README file. The package isn't a popular one, so none of the regular fingerprinting apps recognise it. What can you do? Call in Sitediff: it takes a local directory of files, requests each of them from the target site and reports back on what it finds.
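The comparison loop the post describes, as an added example in Python; this is not Sitediff's own code. It goes one step beyond the post: given local checkouts of several releases of the same package, it ranks which release the target most likely runs by how many files come back byte-for-byte identical. The package, file contents and target responses below are constructed for the example, and the file-path layout, the `http_fetch` helper and the scoring rule are assumptions, not anything the post specifies.

```python
import hashlib
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Mapping, Optional, Tuple

# A fetcher returns the response body for a path, or None when the path is not served.
Fetch = Callable[[str], Optional[bytes]]


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sitediff(local_files: Mapping[str, bytes], fetch: Fetch) -> Dict[str, List[str]]:
    """Request every path we hold a local copy of and classify the response.

    same      - target served a byte-identical copy (strong evidence for this release)
    different - served, but content differs: customised file, another release, or a
                server-side script whose source is never returned (e.g. index.php)
    missing   - not served at all (removed by the admin, or not in the deployed release)
    """
    report: Dict[str, List[str]] = {"same": [], "different": [], "missing": []}
    for path in sorted(local_files):
        body = fetch(path)
        if body is None:
            report["missing"].append(path)
        elif _digest(body) == _digest(local_files[path]):
            report["same"].append(path)
        else:
            report["different"].append(path)
    return report


def guess_version(versions: Mapping[str, Mapping[str, bytes]],
                  fetch: Fetch) -> List[Tuple[str, int, int]]:
    """Rank candidate releases (assumed scoring rule): most identical files first,
    fewest mismatching files as the tie-break. Returns (release, same, different)."""
    ranked = []
    for name, files in versions.items():
        r = sitediff(files, fetch)
        ranked.append((name, len(r["same"]), len(r["different"])))
    return sorted(ranked, key=lambda t: (-t[1], t[2]))


def http_fetch(base_url: str, timeout: float = 10.0) -> Fetch:
    """Fetcher for a live target (hypothetical helper; not exercised by the constructed run below)."""
    def fetch(path: str) -> Optional[bytes]:
        url = base_url.rstrip("/") + "/" + path.lstrip("/")
        req = urllib.request.Request(url, headers={"User-Agent": "sitediff-example"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.read()
        except urllib.error.HTTPError:
            return None
    return fetch


# Constructed data: local checkouts of two releases of an imaginary package.
VERSIONS = {
    "1.0": {
        "js/app.js": b"var app = {version: '1.0'};\n",
        "css/style.css": b"body { color: #000; }\n",
        "README.txt": b"Example package 1.0\n",
    },
    "1.1": {
        "js/app.js": b"var app = {version: '1.1'};\n",
        "css/style.css": b"body { color: #000; }\n",
        "README.txt": b"Example package 1.1\n",
    },
}

# Constructed target: it runs 1.1, but the admin deleted the README.
TARGET_SITE = {
    "js/app.js": b"var app = {version: '1.1'};\n",
    "css/style.css": b"body { color: #000; }\n",
}


def fake_fetch(path: str) -> Optional[bytes]:
    return TARGET_SITE.get(path)


if __name__ == "__main__":
    print(sitediff(VERSIONS["1.1"], fake_fetch))
    print(guess_version(VERSIONS, fake_fetch))
```

Two caveats when pointing this at a real site: a target that answers every unknown path with a 200 "not found" page will show up as `different` rather than `missing`, so check one deliberately bogus path first; and only static assets (JavaScript, CSS, images, licence and readme files) can ever be `same`, because server-side scripts return their output, not their source.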
A custom wordlist generator with a twist.

By: DigiNinja
A custom wordlist generator that creates permutations of all the input words as well as just manipulating them individually.
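A worked version of the two behaviours the summary names, as an added Python example rather than DigiNinja's generator: each input word is manipulated on its own (case variants, a leet form, common suffixes), and, the twist, every ordering of every subset of the input words is joined with a set of separators and then given the same manipulations. The leet map, suffix list and separators are constructed choices for this example, not anything the post specifies.

```python
import itertools
from typing import Iterable, List, Sequence

LEET = str.maketrans("aeios", "43105")     # constructed leet map for the example
SUFFIXES = ("", "1", "123", "!", "2024")   # constructed suffix set
SEPARATORS = ("", "-", "_")                # constructed separator set


def mutate_word(word: str) -> List[str]:
    """Individual manipulation: case variants and a leet form, each with every suffix."""
    base = word.lower()
    forms = {base, base.capitalize(), base.upper(), base.translate(LEET)}
    return sorted(f + s for f in forms for s in SUFFIXES)


def combine_words(words: Sequence[str], separators: Sequence[str] = SEPARATORS,
                  max_words: int = 0) -> List[str]:
    """The twist: every ordering of every subset of 2..N input words, joined with each separator."""
    max_words = max_words or len(words)
    combos = set()
    for k in range(2, max_words + 1):
        for perm in itertools.permutations(words, k):
            for sep in separators:
                combos.add(sep.join(perm))
    return sorted(combos)


def generate(words: Iterable[str], max_words: int = 0) -> List[str]:
    """Full list: each word mutated on its own, plus every combination mutated the same way."""
    unique = list(dict.fromkeys(w.lower() for w in words if w))  # de-duplicate, keep order
    out = set()
    for candidate in unique + combine_words(unique, max_words=max_words):
        out.update(mutate_word(candidate))
    return sorted(out)


if __name__ == "__main__":
    for line in generate(["Digi", "ninja"]):
        print(line)
```

The permutation step is factorial in the number of input words (N words give N!/(N-k)! orderings for each subset size k, times the separator count), so `max_words` is there to cap the combination length when the input list is more than a handful of names; two words already produce 160 candidates with these settings.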
Blindly Installing VMs and Using Live CDs

By: DigiNinja
Do you know what the VM or live CD you have just downloaded really contains and, if you don't, how do you find out?
HTTP Banner Grabbing Beyond The Root

By: DigiNinja
HTTP banner grabbing beyond the root: where do you do your web banner grabbing?
A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup.

By: DigiNinja
I've spent the day testing an app which disables the right-click context menu; this makes testing tricky, so I found a one-liner which I could drop into the browser console to re-enable it for me.

By: DigiNinja
The results of a small experiment to see what my heart rate was like during my SANS instructor murder board.

By: DigiNinja
Building a lab with ModSecurity and DVWA.

By: DigiNinja
I've been meaning to build a ModSecurity lab for a while and, seeing as I had some free time, I decided it was about time to do it and to document it for everyone to share. The lab I built uses an up-to-date version of ModSecurity with a rule set taken from the SpiderLabs GitHub repo and, so there is something to attack, I've included DVWA.
An offer to take some friends running during SteelCon 2019.

By: DigiNinja
My AP Collection

By: DigiNinja
I'm going to be doing some AP testing and this is a small part of the collection.
The second part of my introduction to using ZAP to test WebSockets, this part focuses on fuzzing.

By: DigiNinja
The following article is part two of my introduction to ZAP and testing WebSockets; in this episode I'll cover fuzzing. If you've not used ZAP before I suggest you look at some of the official tutorials first (ZAP home page, Videos). You can find my first part here: OWASP ZAP and Web Sockets.

The testing is being done against a small WebSockets based app I wrote called SocketToMe which has a few published services along with a few unpublished ones. In this article we are going to look at one of the published ones and try to identify some of the unpublished ones.

The first feature I'll investigate is the number guessing game. Here the system picks a random number between 1 and 100 and you have to guess it. I'm going to cheat and see if I can get ZAP to play all 100 numbers for me to go for a quick win.
Cool new Micro SD reader

By: DigiNinja
This Micro SD reader is so small it is only just larger than the USB connector it is built on.
This scan result beats any I've seen from Nessus, Nikto or Nmap

By: DigiNinja
This scan result beats any I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy!