| 2022-07-28 |
Another update to the Authlab, this time covering how to use John the Ripper and Hashcat to crack the keys used to sign JWTs. For more information, and a walk through. |
|
|
| 2022-07-28 |
I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through. |
|
|
| 2021-12-09 |
A brief description of how to crack Flask session cookies and an introduction to the Cracked Flask Lab. |
DigiNinja |
|
| 2021-03-20 |
The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen. |
DigiNinja |
|
| 2021-03-20 |
Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering. |
DigiNinja |
|
| 2021-03-20 |
Overriding the JavaScript alert function to find a hidden XSS. |
DigiNinja |
|
| 2021-03-20 |
I've added a new lab for looking at different ways to use HTML5 postMessage and their associated vulnerabilities. |
DigiNinja |
|
| 2019-08-06 |
A story about having to push through elitism to get to the real community. |
DigiNinja |
|
| 2019-07-30 |
New KreiosC2 language pack |
DigiNinja |
|
| 2019-07-10 |
An offer to take some friends running during SteelCon 2019. |
DigiNinja |
|
| 2019-06-26 |
A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup. |
DigiNinja |
|
| 2019-06-26 |
A proof of concept demonstration to go with the blog post TLS certs for internal OTS hardware. |
DigiNinja |
|
| 2019-06-14 |
I was recently contacted by Ryan Dewhurst to help him with an XSS issue he was having problems with. Ryan knows his stuff, and if he was having problems with something, I knew it had to be a fun challenge. This blog post covers debugging quirks in browser |
DigiNinja |
|
| 2019-05-10 |
I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through. |
DigiNinja |
|
| 2019-05-08 |
I want my blog to reach as wide an audience as possible and to help with that, I'm asking for my readers to make suggestions for changes which will help make the site more accessible. |
DigiNinja |
|
| 2019-05-08 |
How I found the CHECK Team Leader Web Application exam |
DigiNinja |
|
| 2019-05-08 |
A little trick to extract stored FTP details |
DigiNinja |
|
| 2019-05-08 |
An update to my script to mine data out of Google Profiles |
DigiNinja |
|
| 2019-05-08 |
Going to WAR on Tomcat with Laundanum |
DigiNinja |
|
| 2019-05-08 |
A tool to brute force bucket names from Amazon S3 |
DigiNinja |
|
| 2019-05-08 |
Whats in Amazon's buckets? |
DigiNinja |
|
| 2019-05-08 |
Analysing Amazons Buckets |
DigiNinja |
|
| 2019-05-08 |
A tool to brute force user accounts on Mobile Me |
DigiNinja |
|
| 2019-05-08 |
Mobile Me Madness |
DigiNinja |
|
| 2019-05-08 |
Analysing Mobile Me |
DigiNinja |
|
| 2019-05-08 |
Wifi Honey |
DigiNinja |
|
| 2019-05-08 |
An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites. |
DigiNinja |
|
| 2019-05-08 |
Using decompression to avoid filters |
DigiNinja |
|
| 2019-05-08 |
A description of the different attack modes in Burp Intruder |
DigiNinja |
|
| 2019-05-08 |
Pipal of a database dump from comicbookdb. |
DigiNinja |
|
| 2019-05-08 |
Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam. |
DigiNinja |
|
| 2019-05-08 |
Are secure web frameworks reducing long term security? |
DigiNinja |
|
| 2019-05-08 |
Hostapd Karma patches updated to hostapd version 1.0 |
DigiNinja |
|
| 2019-05-08 |
Are signs of the zodiac used as passwords? |
DigiNinja |
|
| 2019-05-08 |
Did you know Linux groups can have passwords? |
DigiNinja |
|
| 2019-05-08 |
A domain set up to help teach and explain DNS zone transfers. |
DigiNinja |
|
| 2019-05-08 |
This is part two of my write up of the findings from the Breaking In survey. |
DigiNinja |
|
| 2019-05-08 |
This is part one of my write up of the findings from the Breaking In survey. |
DigiNinja |
|
| 2019-05-08 |
My slides for my BSides London talk on Breaking in to Security |
DigiNinja |
|
| 2019-05-08 |
A set of interim results from my survey, how do I get started in security?. |
DigiNinja |
|
| 2019-05-08 |
A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets' |
DigiNinja |
|
| 2019-05-08 |
Ever wanted to ask, or help answer the question, how do I get started in security?. |
DigiNinja |
|
| 2019-05-08 |
Double tunnels to help a colleague in distress. |
DigiNinja |
|
| 2019-05-08 |
A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes. |
DigiNinja |
|
| 2019-05-08 |
A story about Hakin9, the kings of spam |
DigiNinja |
|
| 2019-05-08 |
My AP Collection |
DigiNinja |
|
| 2019-05-08 |
Whats behind the door? |
DigiNinja |
|
| 2019-05-08 |
Would you give out your password? |
DigiNinja |
|
| 2019-05-08 |
Calc IP Range |
DigiNinja |
|
| 2019-05-08 |
#secvidofday |
DigiNinja |
|
| 2019-05-08 |
Releasing KreiosC2 version 3 |
DigiNinja |
|
| 2019-05-08 |
OSSEC rules for handling Kismet alerts files |
DigiNinja |
|
| 2019-05-08 |
The start of the PenTester Scripting project |
DigiNinja |
|
| 2019-05-08 |
Cool new Micro SD reader |
DigiNinja |
|
| 2019-05-08 |
New KreiosC2 language pack |
|
|
| 2019-05-08 |
Blindly Installing VMs and Using Live CDs |
DigiNinja |
|
| 2019-05-08 |
Convert a CSV file to an OSSEC rules file |
DigiNinja |
|
| 2019-05-08 |
Metasploit DNS MiTM and DHCP Exhaustion modules |
DigiNinja |
|
| 2019-05-08 |
A short script to do frequency analysis on lines in a file. |
DigiNinja |
|
| 2019-05-08 |
When All You Can Do Is Read. |
DigiNinja |
|
| 2019-05-08 |
Nessus Through SOCKS Through Meterpreter. |
DigiNinja |
|
| 2019-05-08 |
A modular brute force tool currently supporting HTTP(S), MySQL and SSH. |
DigiNinja |
|
| 2019-05-08 |
HTTP Banner Grabbing Beyond The Root |
DigiNinja |
|
| 2019-05-08 |
Viewing Pages documents in Linux |
DigiNinja |
|
| 2019-05-08 |
Do you have a second hand Trojan in your pocket? |
DigiNinja |
|
| 2019-05-08 |
A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases. |
DigiNinja |
|
| 2019-05-08 |
Updated Metasploit sound module |
DigiNinja |
|
| 2019-05-08 |
Automating searching through MSSQL databases for interesting data. |
DigiNinja |
|
| 2019-05-08 |
This scan result beats any I've seen from Nessus, Nikto or Nmap |
DigiNinja |
|
| 2019-05-08 |
Karma comes into the modern age with patches for hostapd. |
DigiNinja |
|
| 2019-05-08 |
A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM. |
DigiNinja |
|
| 2019-05-08 |
Convert Nessus v2 reports to CSV for easier manipulation and reporting. |
DigiNinja |
|
| 2019-05-08 |
Kismet log manipulation with GISKismet |
DigiNinja |
|
| 2019-05-08 |
A review of the Corelan Live Win32 Exploit Dev Bootcamp |
DigiNinja |
|
| 2019-05-08 |
DNS reconnaissance against wildcard domains |
DigiNinja |
|
| 2019-05-08 |
Using HTTP pipelining to hide requests. |
DigiNinja |
|
| 2019-05-08 |
I've spent the day testing an app which disables the right click context menu, this makes testing tricky so I found a one liner which I could drop into the browser console to re-enable it for me. |
DigiNinja |
|
| 2019-05-08 |
Accidentally Sharing CrashPlan Data |
DigiNinja |
|
| 2019-05-08 |
The plagiarism of Christian Bruhin |
DigiNinja |
|
| 2019-05-08 |
Windows RDP client, show login page |
DigiNinja |
|
| 2019-05-08 |
The results of a small experiment to see what my heart rate was like during my SANS instructor murder board. |
DigiNinja |
|
| 2019-05-08 |
I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question. |
DigiNinja |
|
| 2019-05-08 |
Here is a little trick I just learned about to help prevent things like API keys from ending up in your Git repo. I've mentioned it to a few Git loving developers who all claimed that it is obvious and that loads of people are already using it, but, as we |
DigiNinja |
|
| 2019-05-08 |
Asking the question, when it is acceptable to miss a vulnerability on a test. |
DigiNinja |
|
| 2019-05-08 |
NoSQLi Lab |
DigiNinja |
|
| 2019-05-08 |
Trying to understand why the EE web portal doesn't have a password change feature. |
DigiNinja |
|
| 2019-05-08 |
A short guide to exploiting POST based reflected XSS using CSRF and iframes. |
DigiNinja |
|
| 2019-05-08 |
A write up of my recent experiences of getting clients involved during testing. |
DigiNinja |
|
| 2019-05-08 |
A short howto on removing the obfuscation added to non-default passwords by Nessus. |
DigiNinja |
|
| 2019-05-08 |
Pipal analysis of a password dump from the Neofriends dating site. |
|
|
| 2019-05-08 |
Pipal analysis of 13,000 passwords from the Lizard Squad dump. |
|
|
| 2019-05-08 |
New tool, Sitediff |
DigiNinja |
|
| 2019-05-08 |
A banking mutual authentication scheme that does not work. |
DigiNinja |
|
| 2019-05-08 |
Pipal analysis of a password dump from a dating site. |
|
|
| 2019-05-08 |
A logic gate challenge set by Pippa for the 2018 SteelCon kids track. |
DigiNinja |
|
| 2019-05-08 |
A worked example of setting up domain fronting with Cloudflare using ESNI. |
DigiNinja |
|
| 2019-05-08 |
A 101 on domain fronting along with some examples. |
DigiNinja |
|
| 2019-05-08 |
A worked example of setting up domain fronting with Cloudfront. |
DigiNinja |
|
| 2019-05-08 |
Some research on how to hide commands from the bash history. |
DigiNinja |
|
| 2019-05-08 |
Protecting against XSS in SVG |
DigiNinja |
|
