Categories

• application security 23
• automation 3
• Burp Suite 2
• consulting 1
• cracking 2
• development 3
• Flask 3
• hacking 10
• leadership 2
• miscellaneous 2
• network security 11
• projects 8
• Recon-ng 4
• tools 9
• training 3

application security

• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training
• Burp Suite Pro v2 Transition
• XSS Active Defense
• SQLi Exploiter: Exploiting Complex SQL Injections
• Report Spam. Get Owned.
• Handling Missed Vulnerabilities
• Proxying thru Virtual Client VPNs
• Fun with XSShell
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2
• Validating Redirects with Hyperlinks
• Regex: Regularly Exploitable
• Method Interchange: The Forgotten Vulnerability
• Burp Suite Visual Aids
• Session Fixation Demystified
• Cross-Site Trust Exploitation (XSTE)
• DOM-based Cross-Site Scripting, Revisited
• Defending Against Harvesting Attacks on Registration Systems
• Multi-POST Cross-Site Request Forgery
• Defending Against SSL Stripping Attacks
• Stealth Cookie Stealing (XSS technique)
• Local File Inclusion to Remote Command Execution using SSH

automation

• Get Off Your Butt and Teach Your Kids to Code
• WUDS: Wi-Fi User Detection System
• Raspberry Pi - Pianobar

Burp Suite

• Burp Suite Pro v2 Transition
• Burp Suite Visual Aids

consulting

• Handling Missed Vulnerabilities

cracking

• Official Release: eapmd5crack.py
• Creating Complex Password Lists with John the Ripper

development

• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training
• Get Off Your Butt and Teach Your Kids to Code

Flask

• Dynamic Discovery of Mass Assignment Vulnerabilities
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2

hacking

• Dynamic Discovery of Mass Assignment Vulnerabilities
• XSS Active Defense
• SQLi Exploiter: Exploiting Complex SQL Injections
• Report Spam. Get Owned.
• Cooling Down the Hottest Ticket in Town
• Exploring SSTI in Flask/Jinja2 - Part 2
• Exploring SSTI in Flask/Jinja2
• Multi-POST Cross-Site Request Forgery
• ESPN Fantasy Football - The Complete Attack
• Hacking the DEFCON 18 Badge

leadership

• Get Off Your Butt and Teach Your Kids to Code
• Handling Missed Vulnerabilities

miscellaneous

• Cooling Down the Hottest Ticket in Town
• A Work in Progress

network security

• Handling Missed Vulnerabilities
• Proxying thru Virtual Client VPNs
• Getting Shell in Modern Restricted User Environments
• IPS Avoidance with Vulnerability Scanners
• Public Facing LDAP Enumeration
• Manual Local Hash Extraction
• Catching and Cleaning a Phish
• Taming the Stubborn Tomcat
• 7 Linux Shells Using Built-in Tools
• Defeating 802.1x with Marvin
• No Nmap, No Permissions, No Problem

projects

• SQLi Exploiter: Exploiting Complex SQL Injections
• Recon-ng Update (v4.6.0)
• Burp Suite Visual Aids
• WUDS: Wi-Fi User Detection System
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)
• Official Release: eapmd5crack.py

Recon-ng

• Recon-ng Update (v4.6.0)
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)

tools

• Burp Suite Pro v2 Transition
• SQLi Exploiter: Exploiting Complex SQL Injections
• Recon-ng Update (v4.6.0)
• Burp Suite Visual Aids
• WUDS: Wi-Fi User Detection System
• Recon-ng Update (v4.0.0)
• Recon-ng Update (v3.3.3)
• Recon-ng Update (v3.0.3)
• Official Release: eapmd5crack.py

training

• Dynamic Discovery of Mass Assignment Vulnerabilities
• A Decade of Training
• Burp Suite Pro v2 Transition