Technique, Tool and Lecture #1

Thursday is upon us!

From now on I will do my best to post a new Technique, Tool and Lecture (TTL) or what I call the Tender Loving Care (TLC) of Hackers every Thursday! Without further ado:

Technique:

OS Command Execution with Web Application Firewall Bypass using wildcards aka globbing patterns

Link

I have yet to personally utilize this technique but I see myself finding this technique very useful in the future.

Tool:

Backup File Artifact Checker (bfac)

Link

Just want to say, I found value in this tool on an external blackbox penetration test where I found https://example.com/web.config inaccessible (returned a 403) but to my surprise, https://example.com/web.config~ was accessible! Since then, I always add ~ to the end of my file discovery phase!
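Seen from the defending side, the same finding becomes a pre-deployment check: walk the web root and flag editor and backup leftovers such as web.config~ before they are ever served. The Python below is an added example, not code from bfac or from this post; the pattern list and the sample file names are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# Leftovers that editors and manual copies commonly create.
# Assumed list for this example; it is not bfac's own pattern set.
ARTIFACT_PATTERNS = [
    re.compile(r".+~$"),                                   # web.config~
    re.compile(r".+\.(bak|old|orig|save|swp|swo|tmp)$", re.I),
    re.compile(r"^\.#.+|^#.+#$"),                          # Emacs lock/autosave
    re.compile(r"^Copy of .+|.+ - Copy(\.\w+)?$", re.I),   # file-manager copies
]

def is_backup_artifact(filename):
    """True if the bare file name looks like a backup or editor leftover."""
    return any(p.match(filename) for p in ARTIFACT_PATTERNS)

def find_backup_artifacts(webroot):
    """Return sorted paths (relative to webroot, '/' separated) of leftovers."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if is_backup_artifact(name):
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_webroot(root):
    """Create a constructed sample tree: real files plus their leftovers."""
    for rel in ["web.config", "web.config~", "index.html",
                "app/settings.php", "app/settings.php.bak",
                "app/.settings.php.swp"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        for hit in find_backup_artifacts(root):
            print("backup artifact in web root:", hit)
```

Run against the real deployment directory in a build or release step, a non-empty result is a reason to fail the deploy.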

Lecture:

Diggin’ Deep Into Newly Created Domains – Andrew Freebrey

Link

Can’t say I learned anything new in this lecture, but it was still a great review and a great talk.

Do you have any suggestions for a great tool, technique or lecture? Let me know!

Until next time!

Check out all the entries of this series!

End Transmission
