Another weekend is over, and CarolinaCon 14 is in the books.
Subdomain Hijacking in the EverSec CTF (BSides Raleigh ’17)
Just in time for CarolinaCon, here is my subdomain hijacking write-up for the EverSec CTF at BSides Raleigh 2017.
Filed under Security Not Included
Guacamole Installation in my Homelab
I finally finished my Guacamole installation for my homelab, and I wanted to share how it went.
Filed under Security Not Included
GXPN Review – SANS660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking)
Although I passed it last month, I’m just now getting to my GXPN review after a long on-site engagement!
Filed under Security Not Included
sshuttle – Poor Man’s VPN via SSH (Great for Pivoting!)
I’ve recently been using sshuttle again, and I wanted to share how easy it is.
Filed under Security Not Included
pfSense DNSBL Whitelisting to Unblock Specific Sites
While I was away, someone asked me about pfSense DNSBL whitelisting, so I wanted to share a tutorial for it.
Filed under Security Not Included
XSS Attack Chain – Reflected XSS -> CSRF -> Stored XSS
I used a great XSS attack chain in an engagement recently, and I wanted to share it.
Filed under Security Not Included
Nmap Alarm – For When the Target Won’t Stay Online
While not the most useful tool, I wanted to share the Nmap alarm that I used on a recent engagement.
Filed under Security Not Included
IpExpander v1.0 – Using Python netaddr to Expand IP Ranges
I know that I haven’t released anything in a while, but I’d like to introduce IpExpander v1.0.
Filed under Security Not Included
Running an EyeWitness Docker Container (Great for macOS!)
During an engagement recently, I wanted to get an EyeWitness Docker container setup and working.
Filed under Security Not Included