XSS Attack Chain – Reflected XSS -> CSRF -> Stored XSS

I used a great XSS attack chain in an engagement recently, and I wanted to share it.

Filed under Security Not Included

Nmap Alarm – For When the Target Won’t Stay Online

While not the most useful tool, I wanted to share the Nmap alarm that I used on a recent engagement.

IpExpander v1.0 – Using Python netaddr to Expand IP Ranges

I know that I haven’t released anything in a while, but I’d like to introduce IpExpander v1.0.

Running an EyeWitness Docker Container (Great for macOS!)

During an engagement recently, I wanted to get an EyeWitness Docker container set up and working.

Using Egressbuster to Test Outbound Firewall Rules

While I’ve used it for a while now, I wanted to share a quick write-up about Egressbuster.

Indala Badge Cloning in macOS with Proxmark

During an engagement last year, I was able to perform some Indala badge cloning for access.

EverSec CTF (BSides Raleigh 2017) Strange Data #3

Another week, and another write-up from the EverSec CTF at BSides Raleigh 2017.

Nodejs Code Injection (EverSec CTF – BSides Raleigh 2017)

There was a challenge with Nodejs code injection during the BSides Raleigh CTF, and here is the write-up.

Python dotx Conversion to docx for Automated Documents

While not exactly security related, I’ve had to do some Python dotx conversion to docx files recently.

OSX Jumbo JtR Installation – More Mac Password Cracking

I recently went through the OSX Jumbo JtR installation, so I figured I’d share some tips and information.
