Categories

• API 5
• application security 27
• automation 3
• Burp Suite 1
• consulting 6
• cracking 2
• development 4
• discovery 1
• Flask 4
• hacking 15
• leadership 5
• miscellaneous 3
• network security 11
• projects 7
• Recon-ng 4
• tools 11
• training 6

API

• Prototype Pollution in Flask
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• No-Knowledge API Discovery

application security

• Burp BChecks: First Impressions
• Prototype Pollution in Flask
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• No-Knowledge API Discovery
• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training
• XSS Active Defense
• SQLi Exploiter: Exploiting Complex SQL Injections
• Report Spam. Get Owned.
• Handling Missed Vulnerabilities
• Proxying thru Virtual Client VPNs
• Fun with XSShell
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2
• Validating Redirects with Hyperlinks
• Regex: Regularly Exploitable
• Method Interchange: The Forgotten Vulnerability
• Session Fixation Demystified
• Cross-Site Trust Exploitation (XSTE)
• DOM-based Cross-Site Scripting, Revisited
• Defending Against Harvesting Attacks on Registration Systems
• Multi-POST Cross-Site Request Forgery
• Defending Against SSL Stripping Attacks
• Stealth Cookie Stealing (XSS technique)
• Local File Inclusion to Remote Command Execution using SSH

automation

• Get Off Your Butt and Teach Your Kids to Code
• WUDS: Wi-Fi User Detection System
• Raspberry Pi - Pianobar

Burp Suite

• Burp BChecks: First Impressions

consulting

• Burp BChecks: First Impressions
• Prototype Pollution in Flask
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• Handling Missed Vulnerabilities

cracking

• Official Release: eapmd5crack.py
• Creating Complex Password Lists with John the Ripper

development

• Burp BChecks: First Impressions
• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training
• Get Off Your Butt and Teach Your Kids to Code

discovery

• No-Knowledge API Discovery

Flask

• Prototype Pollution in Flask
• Dynamic Discovery of Mass Assignment Vulnerabilities
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2

hacking

• Prototype Pollution in Flask
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• No-Knowledge API Discovery
• Dynamic Discovery of Mass Assignment Vulnerabilities
• XSS Active Defense
• SQLi Exploiter: Exploiting Complex SQL Injections
• Report Spam. Get Owned.
• Cooling Down the Hottest Ticket in Town
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2
• Multi-POST Cross-Site Request Forgery
• ESPN Fantasy Football - The Complete Attack
• Hacking the DEFCON 18 Badge

leadership

• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• Get Off Your Butt and Teach Your Kids to Code
• Handling Missed Vulnerabilities

miscellaneous

• Email is Dead. Long Live Email.
• Cooling Down the Hottest Ticket in Town
• A Work in Progress

network security

• Handling Missed Vulnerabilities
• Proxying thru Virtual Client VPNs
• Getting Shell in Modern Restricted User Environments
• IPS Avoidance with Vulnerability Scanners
• Manual Local Hash Extraction
• Public Facing LDAP Enumeration
• Catching and Cleaning a Phish
• Taming the Stubborn Tomcat
• 7 Linux Shells Using Built-in Tools
• Defeating 802.1x with Marvin
• No Nmap, No Permissions, No Problem

projects

• SQLi Exploiter: Exploiting Complex SQL Injections
• Recon-ng Update (v4.6.0)
• WUDS: Wi-Fi User Detection System
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)
• Official Release: eapmd5crack.py

Recon-ng

• Recon-ng Update (v4.6.0)
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)

tools

• Burp BChecks: First Impressions
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• SQLi Exploiter: Exploiting Complex SQL Injections
• Recon-ng Update (v4.6.0)
• WUDS: Wi-Fi User Detection System
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)
• Official Release: eapmd5crack.py

training

• Burp BChecks: First Impressions
• Review: Burp Suite Certified Practitioner (Part 3 Final)
• Review: Burp Suite Certified Practitioner (Part 2)
• Review: Burp Suite Certified Practitioner
• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training