RSS Security

πŸ”’
❌ About FreshRSS
There are new articles available, click to refresh the page.
β˜‘ β˜† βœ‡ DigiNinja

The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen.

By: DigiNinja β€”
The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen.
β˜‘ β˜† βœ‡ DigiNinja

Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.

By: DigiNinja β€”
Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.
β˜‘ β˜† βœ‡ DigiNinja

An idea for a report writing competition

By: DigiNinja β€”
A lot of conferences have CTFs but how about testing people's report writing skills as well? This post contains some ideas I've had to run a competition which would test report writing skills.
β˜‘ β˜† βœ‡ DigiNinja

Pipal is a password analysis tool

By: DigiNinja β€”
Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lenghts to the character types to the words that other words are based on.
β˜‘ β˜† βœ‡ DigiNinja

A Metasploit module for enumerating directories and files through MySQL

By: DigiNinja β€”
Tim Tomes wrote a blog post on enumerating directories and files through a MySQL connection, this module automates that process.
β˜‘ β˜† βœ‡ DigiNinja

Analysing Mobile Me

By: DigiNinja β€”
Analysis of the content I found when trawling Mobile Me accounts looking for public information.
β˜‘ β˜† βœ‡ DigiNinja

DNS reconnaissance against wildcard domains

By: DigiNinja β€”
I recently did a test against a company and in the debrief they asked how I managed to enumerate so many of their subdomains as they were using a wildcard DNS setup and the previous tester had commented that it prevented DNS enumeration. When I explained to them how the wildcard only obscured valid domains they had a few choice words for the previous tester and I figured it would make a nice little blog post.
β˜‘ β˜† βœ‡ DigiNinja

Wifi Honey

By: DigiNinja β€”
Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for.
β˜‘ β˜† βœ‡ DigiNinja

How I found the CHECK Team Leader Web Application exam

By: DigiNinja β€”
A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam
β˜‘ β˜† βœ‡ DigiNinja

Ever wanted to ask, or help answer the question, how do I get started in security?.

By: DigiNinja β€”
This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site.
β˜‘ β˜† βœ‡ DigiNinja

A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'

By: DigiNinja β€”
The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets'
β˜‘ β˜† βœ‡ DigiNinja

My slides for my BSides London talk on Breaking in to Security

By: DigiNinja β€”
At BSides London I presented the findings from the Breaking in to Security survey, here are my slides and a link to the data collected so far.
β˜‘ β˜† βœ‡ DigiNinja

A description of the different attack modes in Burp Intruder

By: DigiNinja β€”
Burp Intruder has four different attack modes, this post shows the differences between those four modes.
β˜‘ β˜† βœ‡ DigiNinja

A domain set up to help teach and explain DNS zone transfers.

By: DigiNinja β€”
Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information.
β˜‘ β˜† βœ‡ DigiNinja

A set of interim results from my survey, how do I get started in security?.

By: DigiNinja β€”
Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days I've plucked out a couple of interesting stats from the responses and posted them to whet your appitite.
β˜‘ β˜† βœ‡ DigiNinja

A tool to brute force bucket names from Amazon S3

By: DigiNinja β€”
This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found.
β˜‘ β˜† βœ‡ DigiNinja

An update to my script to mine data out of Google Profiles

By: DigiNinja β€”
Google Profile scraping can be used a part of recon work to gather staff lists, this script automates that process
β˜‘ β˜† βœ‡ DigiNinja

A tool to brute force user accounts on Mobile Me

By: DigiNinja β€”
This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found.
β˜‘ β˜† βœ‡ DigiNinja

Mobile Me Madness

By: DigiNinja β€”
A brief description of how Mobile Me allows access to its file listings and how to interpret them.
❌