Channel: Honoki
Browsing all 15 articles

Grab password with XSS

Automatic completion of passwords in web forms allows attackers to grab your password if an XSS vulnerability exists. We don’t usually associate XSS vulnerabilities with compromised passwords, but it...

CSRF Discoverer – A Chrome extension

CSRF Discoverer is a Chrome extension to easily discover potential CSRF vulnerabilities in web applications. Cross-Site Request Forgery (CSRF) is the kind of vulnerability that often goes unnoticed. In...

How to set up a Wifi captive portal

This post describes how an attacker can set up a fake Wifi network and prompt a login screen on the user’s device when a victim tries to connect. Goals The objective of this Wifi captive portal is to...

V – For Victor

In celebration of the birth of my godson Victor in July 2014, I composed a small piece for piano. Click the image above to download the sheet music, and listen to a somewhat messy recording below.

Hack.lu 2015: Creative Cheating

Write-up of Hack.lu 2015’s Creative Cheating challenge. The first challenge I solved on Hack.lu 2015, hosted by FluxFingers, was Creative Cheating. The challenge Mr. Miller suspects that some of his...

Punicoder – discover domains that are phishing you

So we’re seeing homograph attacks again. Examples show how ‘apple.com’ and ‘epic.com’ can be mimicked by the use of Internationalized Domain Names (IDN) consisting entirely of unicode characters, i.e....

From blind XXE to root-level file read access

Polyphemus, by Johann Heinrich Wilhelm Tischbein, 1802 (Landesmuseum Oldenburg) On a recent bug bounty adventure, I came across an XML endpoint that responded interestingly to attempted XXE...

RCE in Slanger, a Ruby implementation of Pusher

While researching a web application last February, I learned about Slanger, an open source server implementation of Pusher. In this post I describe the discovery of a critical RCE vulnerability in...

I’ve Got You Under My Skin, Bill Evans Solo Transcription

Download my transcription of Bill Evans’ piano solo in I’ve Got You Under My Skin below. The solo starts around the 1:04 mark on the recording as found on the album “Intermodulation” with Jim Hall....

How to: Burp ♥ OpenVPN

When performing security tests, you will often be required to send all of your traffic through a VPN. If you don’t want to send all of your local traffic over the same VPN, configuring an easy-to-use...

HTTP Request Smuggling – 5 Practical Tips

When James Kettle (@albinowax) from PortSwigger published his ground-breaking research on HTTP request smuggling six months ago, I did not immediately delve into the details of it. Instead, I ignored...

XXE-scape through the front door: circumventing the firewall with HTTP...

In this write-up, I want to share a cool way in which I was able to bypass firewall limitations that were stopping me from successfully exploiting an XML External Entity injection (XXE) vulnerability....

CVE-2020-11518: how I bruteforced my way into your Active Directory

Last May, I discovered that a critical vulnerability I had reported earlier this year had resulted in my first CVE. Since the combination of vulnerabilities that led to this unauthenticated remote...

Introducing BBRF: yet another Bug Bounty Reconnaissance Framework

An example use case of bbrf, here integrating with subfinder from projectdiscovery.io Like anyone involved in bug bounty hunting, I have encountered a number of challenges in organizing my...

WILSON Cloud Respwnder

If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server, which can indicate a potential security...
