Posts
This is the list layout for showing blog posts, which shows just the title and groups them by year of publication. Check out the blog layout for comparison.
2025
Introduction
I’ve documented an easy way to automatically configure AWS assumed role credentials. The AWS CLI handles all the complexity of assuming the role and credential management behind the scenes. Continue reading Introduction
Comprehensive JWT Penetration Testing Checklist
I’ve compiled a thorough JWT pentest checklist, including all the code you’ll need with step by step instructions. Continue reading Comprehensive JWT Penetration Testing Checklist
Account Takeover in Danphe Health Hospital Management System EMR version 3.2
Any authenticated user can take over other accounts, including the admin account, due to Broken Object Level Authorization on the /api/SecuritySettings/ResetPassword endpoint. Continue reading Account Takeover in Danphe Health Hospital Management System EMR version 3.2
How Spammers and Scammers Hide The External Email Banner
This article explains what I learned while discovering how an email spammer hid the “External Email” enterprise banner. Continue reading How Spammers and Scammers Hide The External Email Banner
2024
Better LLM Prompts Using XML
This article explains why using XML solves some problems with prompting and provides better results from an LLM. Continue reading Better LLM Prompts Using XML
Finding CDN Origin Targets
This article demonstrates how to find CDN (Akamai & Cloudflare) web application origin servers. If these origin servers aren’t properly limiting source IP addresses to the CDN, you can hard-code the name to IP address mapping in your hosts file to bypass the WAF. Continue reading Finding CDN Origin Targets
Scanning CDN Origin Targets
This article discusses the importance of using hostnames instead of IP addresses when conducting vulnerability scans or penetration tests. It explains how protocols like HTTP behave differently depending on how they are addressed, and how this can lead to missed vulnerabilities when only IP addresses are used. Continue reading Scanning CDN Origin Targets
Cracking Adobe Experience Manager Hashes
Adobe Experience Manager (AEM) password hashes are not supported by Hashcat. Follow along as I show how to install a compatible version of John, convert, and finally crack the hash. Continue reading Cracking Adobe Experience Manager Hashes
Going the Extra Mile - BXXS Edition
As a pentester, you’re going to be going up against external or web app scopes that have been beaten up by pentesters and vulnerability scanners. This is about using Blind Cross-Site Scripting (BXSS) to go the extra mile. Continue reading Going the Extra Mile - BXXS Edition
Using the Chaos DNS API to Enumerate Pentest Subdomains
For your pentest, you’re given a list of IP addresses and some domains in scope. Using this methodology you can use the Chaos API to enumerate subdomains. Continue reading Using the Chaos DNS API to Enumerate Pentest Subdomains
2023
2022
2021
2020
2019
Parsing Creds From Lsass.exe Dumps Using Pypykatz
Continue reading Parsing Creds From Lsass.exe Dumps Using Pypykatz
2018
ScanCannon tool
ScanCannon, combining the speed of Masscan with the thorough results of Nmap. Continue reading ScanCannon tool
Interested vs. Committed
If you really want to accomplish a goal, learn the difference between interest and commitment. Continue reading Interested vs. Committed
2014
Welcome to my blog!
Moving on from WordPress. Continue reading Welcome to my blog!