DigiNinja 今日热榜



最新

1.	My opinion on the Sony hack.	
2.	A huge thank you to the amazing hacker community.	
3.	A tool to follow HTTP redirects showing the full details at each request, collecting and replaying cookies on the way.	
4.	Pipal of a database dump from comicbookdb.	
5.	Pipal gets a Kippo log parser to show what passwords attackers are using when brute forcing SSH servers.	
6.	A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.	
7.	A new Pipal checker to look at the relationship between email addresses and passwords.	
8.	My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.	
9.	Custom word list generator based on tweets - Update to use the new Twitter search API	
10.	A script I knocked together to import issues from my DradisPro install into MediaWiki so they could be the start of my issues library.	
11.	Do you include steps to reproduce vulnerabilities in your security reports? In this post I think about how to do this.	
12.	Part two of the exploiting RIP series, this time looking at RIPv2 and it's authentication mechanisms.	
13.	A Pipal analysis of the recent Tesco password disclosure.	
14.	Write up of my efforts to track down what turned out to be an accidental DoS against my Gmail account.	
15.	Setting up a RIPv1 lab in GNS3 and then exploiting it to poison routes between two machines.	
16.	Abusing Cisco Dynamic Trunking Protocol, DTP, to change a switch port from access to trunk mode to gain access to all VLAN traffic.	
17.	Adding VLANs to the GNS3/VirtualBox Lab	
18.	Integrating GNS3 and VirtualBox - This is the first part of a series integrating GNS3 and VirtualBox to build a lab to play with layer 2 attacks	
19.	Sitemap2Proxy takes the sitemap published by a web app and requests each page through your specified proxy. This release adds response code stats to the output.	
20.	Building a lab with ModSecurity and DVWA.	
21.	Version 5.0 of CeWL adds proxy and basic/digest authentication support along with a few small bug fixes.	
22.	Extract meta data from videos taken on iPhones.	
23.	The second part of my introduction to using ZAP to test WebSockets, this part focuses on fuzzing.	
24.	I recently decided it was time to learn how to test WebSockets and so decided to take the opportunity to learn a bit about how ZAP works. This two part blog post covers a brief into to ZAP and how it interacts with WebSockets and then looks in depth at how to fuzz them.	
25.	A WebSocket based application which goes along side the blog post on ZAP and WebSockets.	
26.	Pipal now has a modular structure allowing you to write your own Checkers and Splitters, this is a brief introduction to how they both work.	
27.	A proof of concept application which takes observed key presses and generates a list of potential passwords.	
28.	Enumerating shares on the SpiderOak network.	
29.	A companion tool to Pipal which can spot keyboard patterns in password lists.	
30.	A simple script to create files containing binary data.	
31.	Using Google Analytics tracking codes to find relationships between domains.	
32.	How I'm going to spend my share of the 25,000 euro BruCON 5x5 cash.	
33.	Abusing a DDNS service to find IP cameras around the world.	
34.	An idea for a report writing competition	
35.	A Metasploit module for enumerating directories and files through MySQL	
36.	DNS reconnaissance against wildcard domains	
37.	A story about Hakin9, the kings of spam	
38.	A review of the Corelan Live Win32 Exploit Dev Bootcamp	
39.	Extract all URLs from a sitemap.xml file and request them through a proxy of your choosing.	
40.	Version 4.3 of CeWL adds result sorting by word count, with optional display of the count, also various bug fixes.	
41.	Hostapd Karma patches updated to hostapd version 1.0	
42.	Are signs of the zodiac used as passwords?	
43.	Did you know Linux groups can have passwords?	
44.	Custom word list generator based on tweets	
45.	Are secure web frameworks reducing long term security?	
46.	Version 4.2 of CeWL which fixes a major problem found in the spider I'm using.	
47.	This is part two of my write up of the findings from the Breaking In survey.	
48.	This is part one of my write up of the findings from the Breaking In survey.	
49.	My slides for my BSides London talk on Breaking in to Security	
50.	A set of interim results from my survey, how do I get started in security?.	
51.	A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'	
52.	Ever wanted to ask, or help answer the question, how do I get started in security?.	
53.	A domain set up to help teach and explain DNS zone transfers.	
54.	Pipal is a password analysis tool	
55.	How I found the CHECK Team Leader Web Application exam	
56.	A description of the different attack modes in Burp Intruder	
57.	Using decompression to avoid filters	
58.	An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.	
59.	CeWL Version 4	
60.	Wifi Honey	
61.	Analysing Mobile Me	
62.	Mobile Me Madness	
63.	A tool to brute force user accounts on Mobile Me	
64.	Analysing Amazons Buckets	
65.	Whats in Amazon's buckets?	
66.	A tool to brute force bucket names from Amazon S3	
67.	Going to WAR on Tomcat with Laundanum	
68.	An update to my script to mine data out of Google Profiles	
69.	A little trick to extract stored FTP details	
70.	Double tunnels to help a colleague in distress.	
71.	Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.	
72.	A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.	
73.	A short script to do frequency analysis on lines in a file.	
74.	When All You Can Do Is Read.	
75.	Nessus Through SOCKS Through Meterpreter.	
76.	A modular brute force tool currently supporting HTTP(S), MySQL and SSH.	
77.	HTTP Banner Grabbing Beyond The Root	
78.	Viewing Pages documents in Linux	
79.	Do you have a second hand Trojan in your pocket?	
80.	A custom wordlist generator with a twist.	
81.	A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.	
82.	Automating searching through MSSQL databases for interesting data.	
83.	This scan result beats any I've seen from Nessus, Nikto or Nmap	
84.	Karma comes into the modern age with patches for hostapd.	
85.	A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM.	
86.	Convert Nessus v2 reports to CSV for easier manipulation and reporting.	
87.	Kismet log manipulation with GISKismet	
88.	Updated Metasploit sound module	
89.	Metasploit DNS MiTM and DHCP Exhaustion modules	
90.	OSSEC rules for handling Kismet alerts files	
91.	Convert a CSV file to an OSSEC rules file	
92.	Whats behind the door?	
93.	Don't just see on screen that you've got a new Metasploit session, be told by a nice lady.	
94.	Would you give out your password?	
95.	CeWL Version 3	
96.	Calc IP Range	
97.	#secvidofday	
98.	My AP Collection	
99.	Releasing KreiosC2 version 3	
100.	The start of the PenTester Scripting project	

更新于 26 分钟前

近期历史最近 100 条记录

2022-07-28	Another update to the Authlab, this time covering how to use John the Ripper and Hashcat to crack the keys used to sign JWTs. For more information, and a walk through.		
2022-07-28	I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through.		
2021-12-09	A brief description of how to crack Flask session cookies and an introduction to the Cracked Flask Lab.	DigiNinja	
2021-03-20	The DNS server that WSL2 uses returns records in a different way to a normal DNS server and because of this I ended up trying to log into the wrong server. This is my quick analysis of what is different, and what it caused to happen.	DigiNinja	
2021-03-20	Talking about a way I found to split XSS payloads over multiple inputs to bypass input length limitations and input filtering.	DigiNinja	
2021-03-20	Overriding the JavaScript alert function to find a hidden XSS.	DigiNinja	
2021-03-20	I've added a new lab for looking at different ways to use HTML5 postMessage and their associated vulnerabilities.	DigiNinja	
2019-08-06	A story about having to push through elitism to get to the real community.	DigiNinja	
2019-07-30	New KreiosC2 language pack	DigiNinja	
2019-07-10	An offer to take some friends running during SteelCon 2019.	DigiNinja	
2019-06-26	A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup.	DigiNinja	
2019-06-26	A proof of concept demonstration to go with the blog post TLS certs for internal OTS hardware.	DigiNinja	
2019-06-14	I was recently contacted by Ryan Dewhurst to help him with an XSS issue he was having problems with. Ryan knows his stuff, and if he was having problems with something, I knew it had to be a fun challenge. T	DigiNinja	
2019-05-10	A set of walkthroughs for the challenges set in my Authentication Lab.	DigiNinja	
2019-05-08	I want my blog to reach as wide an audience as possible and to help with that, I'm asking for my readers to make suggestions for changes which will help make the site more accessible.	DigiNinja	
2019-05-08	How I found the CHECK Team Leader Web Application exam	DigiNinja	
2019-05-08	A little trick to extract stored FTP details	DigiNinja	
2019-05-08	An update to my script to mine data out of Google Profiles	DigiNinja	
2019-05-08	Going to WAR on Tomcat with Laundanum	DigiNinja	
2019-05-08	A tool to brute force bucket names from Amazon S3	DigiNinja	
2019-05-08	Whats in Amazon's buckets?	DigiNinja	
2019-05-08	Analysing Amazons Buckets	DigiNinja	
2019-05-08	A tool to brute force user accounts on Mobile Me	DigiNinja	
2019-05-08	Mobile Me Madness	DigiNinja	
2019-05-08	Analysing Mobile Me	DigiNinja	
2019-05-08	Wifi Honey	DigiNinja	
2019-05-08	An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.	DigiNinja	
2019-05-08	Using decompression to avoid filters	DigiNinja	
2019-05-08	A description of the different attack modes in Burp Intruder	DigiNinja	
2019-05-08	Pipal of a database dump from comicbookdb.	DigiNinja	
2019-05-08	Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.	DigiNinja	
2019-05-08	Are secure web frameworks reducing long term security?	DigiNinja	
2019-05-08	Hostapd Karma patches updated to hostapd version 1.0	DigiNinja	
2019-05-08	Are signs of the zodiac used as passwords?	DigiNinja	
2019-05-08	Did you know Linux groups can have passwords?	DigiNinja	
2019-05-08	A domain set up to help teach and explain DNS zone transfers.	DigiNinja	
2019-05-08	This is part two of my write up of the findings from the Breaking In survey.	DigiNinja	
2019-05-08	This is part one of my write up of the findings from the Breaking In survey.	DigiNinja	
2019-05-08	My slides for my BSides London talk on Breaking in to Security	DigiNinja	
2019-05-08	A set of interim results from my survey, how do I get started in security?.	DigiNinja	
2019-05-08	A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting 'Whats in Amazon's buckets'	DigiNinja	
2019-05-08	Ever wanted to ask, or help answer the question, how do I get started in security?.	DigiNinja	
2019-05-08	Double tunnels to help a colleague in distress.	DigiNinja	
2019-05-08	A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.	DigiNinja	
2019-05-08	A story about Hakin9, the kings of spam	DigiNinja	
2019-05-08	My AP Collection	DigiNinja	
2019-05-08	Whats behind the door?	DigiNinja	
2019-05-08	Would you give out your password?	DigiNinja	
2019-05-08	Calc IP Range	DigiNinja	
2019-05-08	#secvidofday	DigiNinja	
2019-05-08	Releasing KreiosC2 version 3	DigiNinja	
2019-05-08	OSSEC rules for handling Kismet alerts files	DigiNinja	
2019-05-08	The start of the PenTester Scripting project	DigiNinja	
2019-05-08	Cool new Micro SD reader	DigiNinja	
2019-05-08	New KreiosC2 language pack		
2019-05-08	Blindly Installing VMs and Using Live CDs	DigiNinja	
2019-05-08	Convert a CSV file to an OSSEC rules file	DigiNinja	
2019-05-08	Metasploit DNS MiTM and DHCP Exhaustion modules	DigiNinja	
2019-05-08	A short script to do frequency analysis on lines in a file.	DigiNinja	
2019-05-08	When All You Can Do Is Read.	DigiNinja	
2019-05-08	Nessus Through SOCKS Through Meterpreter.	DigiNinja	
2019-05-08	A modular brute force tool currently supporting HTTP(S), MySQL and SSH.	DigiNinja	
2019-05-08	HTTP Banner Grabbing Beyond The Root	DigiNinja	
2019-05-08	Viewing Pages documents in Linux	DigiNinja	
2019-05-08	Do you have a second hand Trojan in your pocket?	DigiNinja	
2019-05-08	A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.	DigiNinja	
2019-05-08	Updated Metasploit sound module	DigiNinja	
2019-05-08	Automating searching through MSSQL databases for interesting data.	DigiNinja	
2019-05-08	This scan result beats any I've seen from Nessus, Nikto or Nmap	DigiNinja	
2019-05-08	Karma comes into the modern age with patches for hostapd.	DigiNinja	
2019-05-08	A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM.	DigiNinja	
2019-05-08	Convert Nessus v2 reports to CSV for easier manipulation and reporting.	DigiNinja	
2019-05-08	Kismet log manipulation with GISKismet	DigiNinja	
2019-05-08	A review of the Corelan Live Win32 Exploit Dev Bootcamp	DigiNinja	
2019-05-08	DNS reconnaissance against wildcard domains	DigiNinja	
2019-05-08	Using HTTP pipelining to hide requests.	DigiNinja	
2019-05-08	I've spent the day testing an app which disables the right click context menu, this makes testing tricky so I found a one liner which I could drop into the browser console to re-enable it for me.	DigiNinja	
2019-05-08	Accidentally Sharing CrashPlan Data	DigiNinja	
2019-05-08	The plagiarism of Christian Bruhin	DigiNinja	
2019-05-08	Windows RDP client, show login page	DigiNinja	
2019-05-08	The results of a small experiment to see what my heart rate was like during my SANS instructor murder board.	DigiNinja	
2019-05-08	I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question.	DigiNinja	
2019-05-08	Here is a little trick I just learned about to help prevent things like API keys from ending up in your Git repo. I've mentioned it to a few Git loving developers who all claimed that it is obvious and that loads of people are already using it, but, as we	DigiNinja	
2019-05-08	Asking the question, when it is acceptable to miss a vulnerability on a test.	DigiNinja	
2019-05-08	NoSQLi Lab	DigiNinja	
2019-05-08	Trying to understand why the EE web portal doesn't have a password change feature.	DigiNinja	
2019-05-08	A short guide to exploiting POST based reflected XSS using CSRF and iframes.	DigiNinja	
2019-05-08	A write up of my recent experiences of getting clients involved during testing.	DigiNinja	
2019-05-08	A short howto on removing the obfuscation added to non-default passwords by Nessus.	DigiNinja	
2019-05-08	Pipal analysis of a password dump from the Neofriends dating site.		
2019-05-08	Pipal analysis of 13,000 passwords from the Lizard Squad dump.		
2019-05-08	New tool, Sitediff	DigiNinja	
2019-05-08	A banking mutual authentication scheme that does not work.	DigiNinja	
2019-05-08	Pipal analysis of a password dump from a dating site.		
2019-05-08	A logic gate challenge set by Pippa for the 2018 SteelCon kids track.	DigiNinja	
2019-05-08	A worked example of setting up domain fronting with Cloudflare using ESNI.	DigiNinja	
2019-05-08	A 101 on domain fronting along with some examples.	DigiNinja	
2019-05-08	A worked example of setting up domain fronting with Cloudfront.	DigiNinja	
2019-05-08	Some research on how to hide commands from the bash history.	DigiNinja	
2019-05-08	Protecting against XSS in SVG	DigiNinja	