Thursday is upon us!
From now on I will do my best to post a new Technique, Tool and Lecture (TTL) or what I call the Tender Loving Care (TLC) of Hackers every Thursday! Without further ado:
Technique:
OS Command Execution with Web Application Firewall Bypass using wildcards aka globbing patterns
I have yet to personally utilize this technique but I see myself finding this technique very useful in the future.
Tool:
Backup File Artifact Checker (bfac)
Just want to say, I found value in this tool on an external blackbox penetration test where I found https://example.com/web.config inaccessible (returned a 403) but to my surprise, https://example.com/web.config~ was accessible! Since then, I always add ~ to the end of my file discovery phase!
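The same class of artifact can be caught on the defender's side before deployment. The following is an added example, not part of the original post and not bfac's code: it walks a document root on disk and reports editor and admin backup copies such as `web.config~`. The suffix list, function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of suffixes that editors and admins commonly leave behind.
BACKUP_SUFFIXES = ("~", ".bak", ".old", ".orig", ".save", ".tmp", ".copy")


def original_name(filename):
    """Return the file name a backup artifact was derived from, or None."""
    # Vim swap files look like ".web.config.swp".
    if filename.startswith(".") and filename.endswith((".swp", ".swo")) and len(filename) > 5:
        return filename[1:-4]
    # Emacs auto-save files look like "#web.config#".
    if len(filename) > 2 and filename.startswith("#") and filename.endswith("#"):
        return filename[1:-1]
    for suffix in BACKUP_SUFFIXES:
        if filename.endswith(suffix) and len(filename) > len(suffix):
            return filename[: -len(suffix)]
    return None


def find_backup_artifacts(webroot):
    """Return sorted (relative_path, original_name, original_still_present) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        present = set(files)
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            findings.append((rel.replace(os.sep, "/"), orig, orig in present))
    return sorted(findings)


def build_sample_webroot():
    """Create a constructed sample tree in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "admin"))
    samples = ("web.config", "web.config~", "index.html",
               "admin/login.aspx", "admin/login.aspx.bak", "admin/.settings.php.swp")
    for rel in samples:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for rel, orig, present in find_backup_artifacts(build_sample_webroot()):
        print(f"{rel}  (backup of {orig}, original present: {present})")
```

Run against a build output or document root in CI, a non-empty result is a reason to fail the deploy, since handler and access rules written for the original name usually do not match the renamed copy.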
Lecture:
Diggin’ Deep Into Newly Created Domains – Andrew Freebrey
Can’t say I learned anything new in this lecture, but it was still a great review and a great talk.
Do you have any suggestions for a great tool, technique or lecture? Let me know!
Until next time!
End Transmission