Internet Hygiene, or an individual's Operation Security (OpSec), is how aware and careful you are when you use the internet. Whether it be surfing the web, playing games or using social media, you are constantly leaking information. In my example today, I took a license plate from an eBay posting. Then I used a search … Continue reading Internet Hygiene
Category: Google Dorks
Technique, Tool and Lecture #5
Technique: Quick and Easy Bypass for Tomcat 8 on Windows
https://x.x.x.x/WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/./WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/.//WEB-INF/web.xml -> 200 OK
Haven't had a chance to use this yet, but I'm sure I will soon. Source
Tool: Karma. So awesome! Lets you search by username, domain or password. For example I can search by … Continue reading Technique, Tool and Lecture #5
Technique, Tool and Lecture #4
Another round of techniques, tools and lectures 😀 Technique: This time it is not so much a technique as a trove of resources! I have found many resources for books/publications relevant to my career. I'll admit, I'm much more of a fan of physical copies. That said, if you're okay with PDFs then … Continue reading Technique, Tool and Lecture #4
Technique, Tool and Lecture #3
Time for another entry of Technique, Tool and Lecture! Technique: <!<script>alert(1)</script> The key point is the <!, which one researcher found sometimes allows bypassing AWS WAF. Yes, that simple... Source Tool: Spiderfoot, a great tool for both semi-active and passive reconnaissance! Here is a list of modules that I run when I am at the … Continue reading Technique, Tool and Lecture #3
Burp Suite Extensions
Burp Suite is definitely the most used tool for me on a daily basis since I started my new job. Which is funny in a way because in my old job, I found myself relying too heavily on it and trusting it way too much. That said, it is also my favorite tool. Don't get … Continue reading Burp Suite Extensions




