DigiNinja
订阅

最新

1. My opinion on the Sony hack.
2. A huge thank you to the amazing hacker community.
3. A tool to follow HTTP redirects showing the full details at each request, collecting and replaying cookies on the way.
4. Pipal of a database dump from comicbookdb.
5. Pipal gets a Kippo log parser to show what passwords attackers are using when brute forcing SSH servers.
6. A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.
7. A new Pipal checker to look at the relationship between email addresses and passwords.
8. My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.
9. Custom word list generator based on tweets - Update to use the new Twitter search API
10. A script I knocked together to import issues from my DradisPro install into MediaWiki so they could be the start of my issues library.
11. Do you include steps to reproduce vulnerabilities in your security reports? In this post I think about how to do this.
12. Part two of the exploiting RIP series, this time looking at RIPv2 and it's authentication mechanisms.
13. A Pipal analysis of the recent Tesco password disclosure.
14. Write up of my efforts to track down what turned out to be an accidental DoS against my Gmail account.
15. Setting up a RIPv1 lab in GNS3 and then exploiting it to poison routes between two machines.
16. Abusing Cisco Dynamic Trunking Protocol, DTP, to change a switch port from access to trunk mode to gain access to all VLAN traffic.
17. Adding VLANs to the GNS3/VirtualBox Lab
18. Integrating GNS3 and VirtualBox - This is the first part of a series integrating GNS3 and VirtualBox to build a lab to play with layer 2 attacks
19. Sitemap2Proxy takes the sitemap published by a web app and requests each page through your specified proxy. This release adds response code stats to the output.
20. Building a lab with ModSecurity and DVWA.
21. Version 5.0 of CeWL adds proxy and basic/digest authentication support along with a few small bug fixes.
22. Extract meta data from videos taken on iPhones.
23. The second part of my introduction to using ZAP to test WebSockets, this part focuses on fuzzing.
24. I recently decided it was time to learn how to test WebSockets and so decided to take the opportunity to learn a bit about how ZAP works. This two part blog post covers a brief into to ZAP and how it interacts with WebSockets and then looks in depth at how to fuzz them.
25. A WebSocket based application which goes along side the blog post on ZAP and WebSockets.
26. Pipal now has a modular structure allowing you to write your own Checkers and Splitters, this is a brief introduction to how they both work.
27. A proof of concept application which takes observed key presses and generates a list of potential passwords.
28. Enumerating shares on the SpiderOak network.
29. A companion tool to Pipal which can spot keyboard patterns in password lists.
30. A simple script to create files containing binary data.
31. Using Google Analytics tracking codes to find relationships between domains.
32. How I'm going to spend my share of the 25,000 euro BruCON 5x5 cash.
33. Abusing a DDNS service to find IP cameras around the world.
34. An idea for a report writing competition
35. A Metasploit module for enumerating directories and files through MySQL
36. DNS reconnaissance against wildcard domains
37. A story about Hakin9, the kings of spam
38. A review of the Corelan Live Win32 Exploit Dev Bootcamp
39. Extract all URLs from a sitemap.xml file and request them through a proxy of your choosing.
40. Version 4.3 of CeWL adds result sorting by word count, with optional display of the count, also various bug fixes.
41. Hostapd Karma patches updated to hostapd version 1.0
42. Are signs of the zodiac used as passwords?
43. Did you know Linux groups can have passwords?
44. Custom word list generator based on tweets
45. Are secure web frameworks reducing long term security?
46. Version 4.2 of CeWL which fixes a major problem found in the spider I'm using.
47. This is part two of my write up of the findings from the Breaking In survey.
48. This is part one of my write up of the findings from the Breaking In survey.
49. My slides for my BSides London talk on Breaking in to Security
50. A set of interim results from my survey, how do I get started in security?.
51. A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'
52. Ever wanted to ask, or help answer the question, how do I get started in security?.
53. A domain set up to help teach and explain DNS zone transfers.
54. Pipal is a password analysis tool
55. How I found the CHECK Team Leader Web Application exam
56. A description of the different attack modes in Burp Intruder
57. Using decompression to avoid filters
58. An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.
59. CeWL Version 4
60. Wifi Honey
61. Analysing Mobile Me
62. Mobile Me Madness
63. A tool to brute force user accounts on Mobile Me
64. Analysing Amazons Buckets
65. Whats in Amazon's buckets?
66. A tool to brute force bucket names from Amazon S3
67. Going to WAR on Tomcat with Laundanum
68. An update to my script to mine data out of Google Profiles
69. A little trick to extract stored FTP details
70. Double tunnels to help a colleague in distress.
71. Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.
72. A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.
73. A short script to do frequency analysis on lines in a file.
74. When All You Can Do Is Read.
75. Nessus Through SOCKS Through Meterpreter.
76. A modular brute force tool currently supporting HTTP(S), MySQL and SSH.
77. HTTP Banner Grabbing Beyond The Root
78. Viewing Pages documents in Linux
79. Do you have a second hand Trojan in your pocket?
80. A custom wordlist generator with a twist.
81. A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.
82. Automating searching through MSSQL databases for interesting data.
83. This scan result beats any I've seen from Nessus, Nikto or Nmap
84. Karma comes into the modern age with patches for hostapd.
85. A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM.
86. Convert Nessus v2 reports to CSV for easier manipulation and reporting.
87. Kismet log manipulation with GISKismet
88. Updated Metasploit sound module
89. Metasploit DNS MiTM and DHCP Exhaustion modules
90. OSSEC rules for handling Kismet alerts files
91. Convert a CSV file to an OSSEC rules file
92. Whats behind the door?
93. Don't just see on screen that you've got a new Metasploit session, be told by a nice lady.
94. Would you give out your password?
95. CeWL Version 3
96. Calc IP Range
97. #secvidofday
98. My AP Collection
99. Releasing KreiosC2 version 3
100. The start of the PenTester Scripting project
更新于 33 分钟前

近期历史最近 100 条记录

2022-07-28 Another update to the Authlab, this time covering how to use John the Ripper and Hashcat to crack the keys used to sign JWTs. For more information, and a walk through.
2022-07-28 I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through.
2021-12-09 A brief description of how to crack Flask session cookies and an introduction to the Cracked Flask Lab. DigiNinja
2021-03-20 The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen. DigiNinja
2021-03-20 Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering. DigiNinja
2021-03-20 Overriding the JavaScript alert function to find a hidden XSS. DigiNinja
2021-03-20 I've added a new lab for looking at different ways to use HTML5 postMessage and their associated vulnerabilities. DigiNinja
2019-08-06 A story about having to push through elitism to get to the real community. DigiNinja
2019-07-30 New KreiosC2 language pack DigiNinja
2019-07-10 An offer to take some friends running during SteelCon 2019. DigiNinja
2019-06-26 A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup. DigiNinja
2019-06-26 A proof of concept demonstration to go with the blog post TLS certs for internal OTS hardware. DigiNinja
2019-06-14 I was recently contacted by Ryan Dewhurst to help him with an XSS issue he was having problems with. Ryan knows his stuff, and if he was having problems with something, I knew it had to be a fun challenge. T DigiNinja
2019-05-10 A set of walkthroughs for the challenges set in my Authentication Lab. DigiNinja
2019-05-08 I want my blog to reach as wide an audience as possible and to help with that, I'm asking for my readers to make suggestions for changes which will help make the site more accessible. DigiNinja
2019-05-08 How I found the CHECK Team Leader Web Application exam DigiNinja
2019-05-08 A little trick to extract stored FTP details DigiNinja
2019-05-08 An update to my script to mine data out of Google Profiles DigiNinja
2019-05-08 Going to WAR on Tomcat with Laundanum DigiNinja
2019-05-08 A tool to brute force bucket names from Amazon S3 DigiNinja
2019-05-08 Whats in Amazon's buckets? DigiNinja
2019-05-08 Analysing Amazons Buckets DigiNinja
2019-05-08 A tool to brute force user accounts on Mobile Me DigiNinja
2019-05-08 Mobile Me Madness DigiNinja
2019-05-08 Analysing Mobile Me DigiNinja
2019-05-08 Wifi Honey DigiNinja
2019-05-08 An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites. DigiNinja
2019-05-08 Using decompression to avoid filters DigiNinja
2019-05-08 A description of the different attack modes in Burp Intruder DigiNinja
2019-05-08 Pipal of a database dump from comicbookdb. DigiNinja
2019-05-08 Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam. DigiNinja
2019-05-08 Are secure web frameworks reducing long term security? DigiNinja
2019-05-08 Hostapd Karma patches updated to hostapd version 1.0 DigiNinja
2019-05-08 Are signs of the zodiac used as passwords? DigiNinja
2019-05-08 Did you know Linux groups can have passwords? DigiNinja
2019-05-08 A domain set up to help teach and explain DNS zone transfers. DigiNinja
2019-05-08 This is part two of my write up of the findings from the Breaking In survey. DigiNinja
2019-05-08 This is part one of my write up of the findings from the Breaking In survey. DigiNinja
2019-05-08 My slides for my BSides London talk on Breaking in to Security DigiNinja
2019-05-08 A set of interim results from my survey, how do I get started in security?. DigiNinja
2019-05-08 A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets' DigiNinja
2019-05-08 Ever wanted to ask, or help answer the question, how do I get started in security?. DigiNinja
2019-05-08 Double tunnels to help a colleague in distress. DigiNinja
2019-05-08 A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes. DigiNinja
2019-05-08 A story about Hakin9, the kings of spam DigiNinja
2019-05-08 My AP Collection DigiNinja
2019-05-08 Whats behind the door? DigiNinja
2019-05-08 Would you give out your password? DigiNinja
2019-05-08 Calc IP Range DigiNinja
2019-05-08 #secvidofday DigiNinja
2019-05-08 Releasing KreiosC2 version 3 DigiNinja
2019-05-08 OSSEC rules for handling Kismet alerts files DigiNinja
2019-05-08 The start of the PenTester Scripting project DigiNinja
2019-05-08 Cool new Micro SD reader DigiNinja
2019-05-08 New KreiosC2 language pack
2019-05-08 Blindly Installing VMs and Using Live CDs DigiNinja
2019-05-08 Convert a CSV file to an OSSEC rules file DigiNinja
2019-05-08 Metasploit DNS MiTM and DHCP Exhaustion modules DigiNinja
2019-05-08 A short script to do frequency analysis on lines in a file. DigiNinja
2019-05-08 When All You Can Do Is Read. DigiNinja
2019-05-08 Nessus Through SOCKS Through Meterpreter. DigiNinja
2019-05-08 A modular brute force tool currently supporting HTTP(S), MySQL and SSH. DigiNinja
2019-05-08 HTTP Banner Grabbing Beyond The Root DigiNinja
2019-05-08 Viewing Pages documents in Linux DigiNinja
2019-05-08 Do you have a second hand Trojan in your pocket? DigiNinja
2019-05-08 A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases. DigiNinja
2019-05-08 Updated Metasploit sound module DigiNinja
2019-05-08 Automating searching through MSSQL databases for interesting data. DigiNinja
2019-05-08 This scan result beats any I've seen from Nessus, Nikto or Nmap DigiNinja
2019-05-08 Karma comes into the modern age with patches for hostapd. DigiNinja
2019-05-08 A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM. DigiNinja
2019-05-08 Convert Nessus v2 reports to CSV for easier manipulation and reporting. DigiNinja
2019-05-08 Kismet log manipulation with GISKismet DigiNinja
2019-05-08 A review of the Corelan Live Win32 Exploit Dev Bootcamp DigiNinja
2019-05-08 DNS reconnaissance against wildcard domains DigiNinja
2019-05-08 Using HTTP pipelining to hide requests. DigiNinja
2019-05-08 I've spent the day testing an app which disables the right click context menu, this makes testing tricky so I found a one liner which I could drop into the browser console to re-enable it for me. DigiNinja
2019-05-08 Accidentally Sharing CrashPlan Data DigiNinja
2019-05-08 The plagiarism of Christian Bruhin DigiNinja
2019-05-08 Windows RDP client, show login page DigiNinja
2019-05-08 The results of a small experiment to see what my heart rate was like during my SANS instructor murder board. DigiNinja
2019-05-08 I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question. DigiNinja
2019-05-08 Here is a little trick I just learned about to help prevent things like API keys from ending up in your Git repo. I've mentioned it to a few Git loving developers who all claimed that it is obvious and that loads of people are already using it, but, as we DigiNinja
2019-05-08 Asking the question, when it is acceptable to miss a vulnerability on a test. DigiNinja
2019-05-08 NoSQLi Lab DigiNinja
2019-05-08 Trying to understand why the EE web portal doesn't have a password change feature. DigiNinja
2019-05-08 A short guide to exploiting POST based reflected XSS using CSRF and iframes. DigiNinja
2019-05-08 A write up of my recent experiences of getting clients involved during testing. DigiNinja
2019-05-08 A short howto on removing the obfuscation added to non-default passwords by Nessus. DigiNinja
2019-05-08 Pipal analysis of a password dump from the Neofriends dating site.
2019-05-08 Pipal analysis of 13,000 passwords from the Lizard Squad dump.
2019-05-08 New tool, Sitediff DigiNinja
2019-05-08 A banking mutual authentication scheme that does not work. DigiNinja
2019-05-08 Pipal analysis of a password dump from a dating site.
2019-05-08 A logic gate challenge set by Pippa for the 2018 SteelCon kids track. DigiNinja
2019-05-08 A worked example of setting up domain fronting with Cloudflare using ESNI. DigiNinja
2019-05-08 A 101 on domain fronting along with some examples. DigiNinja
2019-05-08 A worked example of setting up domain fronting with Cloudfront. DigiNinja
2019-05-08 Some research on how to hide commands from the bash history. DigiNinja
2019-05-08 Protecting against XSS in SVG DigiNinja

匿名用户只展示最新 100 条榜单历史,更多历史数据请登录后查看,支持时光机按天筛选

Sponsors

今日解忧 - 赛博修行,舒缓静心,21世纪解压神器!
今日历 - 全球最全的日历,日历届的航空母舰!
百晓生AI - 全能创作助手

猜你喜欢