Categories
- consulting 1
- network security 11
- application security 20
- miscellaneous 2
- automation 2
- leadership 1
- cracking 2
- hacking 6
- projects 8
consulting
network security
- Handling Missed Vulnerabilities
- Proxying thru Virtual Client VPNs
- Getting Shell in Modern Restricted User Environments
- IPS Avoidance with Vulnerability Scanners
- Public Facing LDAP Enumeration
- Manual Local Hash Extraction
- Catching and Cleaning a Phish
- Taming the Stubborn Tomcat
- 7 Linux Shells Using Built-in Tools
- Defeating 802.1x with Marvin
- No Nmap, No Permissions, No Problem
application security
- XSS Active Defense
- SQLi Exploiter: Exploiting Complex SQL Injections
- Report Spam. Get Owned.
- Handling Missed Vulnerabilities
- Proxying thru Virtual Client VPNs
- Fun with XSShell
- Exploring SSTI in Flask/Jinja2 - Part 2
- Exploring SSTI in Flask/Jinja2
- Validating Redirects with Hyperlinks
- Regex: Regularly Exploitable
- Method Interchange: The Forgotten Vulnerability
- Burp Suite Visual Aids
- Session Fixation Demystified
- Cross-Site Trust Exploitation (XSTE)
- DOM-based Cross-Site Scripting, Revisited
- Defending Against Harvesting Attacks on Registration Systems
- Multi-POST Cross-Site Request Forgery
- Defending Against SSL Stripping Attacks
- Stealth Cookie Stealing (XSS technique)
- Local File Inclusion to Remote Command Execution using SSH
miscellaneous
automation
leadership
cracking
hacking
- XSS Active Defense
- SQLi Exploiter: Exploiting Complex SQL Injections
- Report Spam. Get Owned.
- Cooling Down the Hottest Ticket in Town
- ESPN Fantasy Football - The Complete Attack
- Hacking the DEFCON 18 Badge