[Bookmarked] Pizza As A Service

Sometimes I find funny things in Twitter (https://twitter.com/RichGx/status/494572357898756096). I'm going to write some blog posts with these items so that I can remember where I found them and share them with others. Pizza As A Service Seems like more and more services are being offered as a service in the cloud. Sometimes people have trouble... Continue Reading →

Mutillidae Session Hijacking Lab

Overview This is a list of steps to perform to perform a web application session hijacking attack against a logged-in user of a web app. It uses the wonderful Mutillidae (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) vulnerable web application for the victim server, Burp Suite (free or pro, https://portswigger.net/burp/download.html) and a web browser (in this case, I've chosen Firefox). Steps... Continue Reading →

Fake Name Generator

When performing testing activities, whether it is web application penetration or usability testing, it is helpful to have example content to submit in web form fields. The same can be said for people trying to create sock-puppet or alias accounts on the Internet. We need to have sample/fake information so that we can set up... Continue Reading →


OSINT is awesome. Open Source INTelligence is about searching the Internet for relevant information about something, analyzing the data that is collected and then taking some action using that intelligence. Ninjas are awesome. Experts in their fields. Stealthy shadows searching for their targets. Patient, methodical wraiths exploiting their adversaries. Now, put OSINT together with ninjas... Continue Reading →

Cross Site Scripting Resources

Micah here. Recently, I've found several great resources for those of you that perform web application hacking/penetration testing.​ Most people are aware of the old RSnake XSS filter evasion cheat sheet now maintained and enhance by OWASP (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet). There are two other sites/web apps that can help too. One has a NSFW domain name but, as... Continue Reading →

Privacy and Swag at Conferences

Seems like every week there is an infosec conference happening somewhere in the world. With the BSides series of events as well as the premier conferences (not to mention vendor events), options abound. Experienced attendees are well-aware of all the private data that gets disclosed to the venue, the sponsors and exhibitors at many of these events.... Continue Reading →

Up ↑

%d bloggers like this: