I recently needed to access an application which required mTLS using an automated browser to facilitate security testing. The last time I attempted this (several…
Just another hacking blog...
Posts in this category are about tools and techniques that I find useful during a Penetration Test
I recently needed to access an application which required mTLS using an automated browser to facilitate security testing. The last time I attempted this (several…
A recent zero-day vulnerability has been publicly shared revealing a critical issue with the nginx-ldap-auth software package allowing attackers to potentially bypass authentication and disclose key information on vulnerable servers.
Python script to parse directory and file names from a .DS_Store file.
As you would expect, office printers are often identified when conducting a penetration test of an office network. These devices often seem to be overlooked…
TLDR: There is a simple username enumeration issue in Office365’s ActiveSync, Microsoft do not consider this a vulnerability so I don’t expect they will fix…
Recently I needed to parse some data embedded in HTML. At first glance it appeared to be JSON, so after pulling the text out of…
Believe it or not, despite the fact it is 2016 I am still finding LanManager (LM) hashes on internal networks during penetration tests. Although in my…
JavaScript Object Notation with Padding (JSONP) is a technique created by web developers to bypass the Same Origin Policy which enforced by browsers to prevent…