Archive

2024

July

July 15, 2024 » Email is Dead. Long Live Email.

2023

July

July 5, 2023 » Burp BChecks: First Impressions

February

February 1, 2023 » Prototype Pollution in Flask

2022

January

January 5, 2022 » Review: Burp Suite Certified Practitioner (Part 3 Final)

2021

November

November 18, 2021 » Review: Burp Suite Certified Practitioner (Part 2)
November 15, 2021 » Review: Burp Suite Certified Practitioner

June

June 14, 2021 » No-Knowledge API Discovery

2019

June

June 14, 2019 » Dynamic Discovery of Mass Assignment Vulnerabilities

February

February 22, 2019 » A Decade of Training

2018

December

December 8, 2018 » Get Off Your Butt and Teach Your Kids to Code

June

June 18, 2018 » XSS Active Defense

May

May 24, 2018 » SQLi Exploiter: Exploiting Complex SQL Injections

March

March 15, 2018 » Report Spam. Get Owned.

2017

August

August 26, 2017 » Cooling Down the Hottest Ticket in Town

April

April 5, 2017 » Handling Missed Vulnerabilities

2016

December

December 1, 2016 » Proxying thru Virtual Client VPNs

July

July 15, 2016 » Fun with XSShell

March

March 11, 2016 » Exploring SSTI in Flask/Jinja2 - Part 2
March 9, 2016 » Exploring SSTI in Flask/Jinja2

2015

December

December 2, 2015 » Validating Redirects with Hyperlinks

June

June 11, 2015 » Regex: Regularly Exploitable

May

May 21, 2015 » Recon-ng Update (v4.6.0)
May 12, 2015 » Method Interchange: The Forgotten Vulnerability

2014

October

October 29, 2014 » Session Fixation Demystified
October 2, 2014 » WUDS: Wi-Fi User Detection System

May

May 21, 2014 » Cross-Site Trust Exploitation (XSTE)
May 16, 2014 » Recon-ng Update (v4.0.0)
May 11, 2014 » Raspberry Pi - Pianobar

March

March 1, 2014 » DOM-based Cross-Site Scripting, Revisited

February

February 17, 2014 » Defending Against Harvesting Attacks on Registration Systems

January

January 19, 2014 » Recon-ng Update (v3.3.3)

2013

November

November 14, 2013 » Recon-ng Update (v3.0.3)

October

October 23, 2013 » Getting Shell in Modern Restricted User Environments

July

July 17, 2013 » Multi-POST Cross-Site Request Forgery

May

May 27, 2013 » IPS Avoidance with Vulnerability Scanners
May 24, 2013 » Manual Local Hash Extraction
May 24, 2013 » Public Facing LDAP Enumeration
May 23, 2013 » Catching and Cleaning a Phish

April

April 19, 2013 » A Work in Progress

March

March 4, 2013 » Taming the Stubborn Tomcat

2012

December

December 4, 2012 » Defending Against SSL Stripping Attacks

2011

May

May 27, 2011 » 7 Linux Shells Using Built-in Tools
May 13, 2011 » Stealth Cookie Stealing (XSS technique)
May 9, 2011 » Local File Inclusion to Remote Command Execution using SSH

April

April 21, 2011 » Defeating 802.1x with Marvin
April 21, 2011 » Official Release: eapmd5crack.py

February

February 28, 2011 » Creating Complex Password Lists with John the Ripper

2010

September

September 23, 2010 » ESPN Fantasy Football - The Complete Attack

August

August 2, 2010 » Hacking the DEFCON 18 Badge

April

April 16, 2010 » No Nmap, No Permissions, No Problem