2020-May SANS @MIC: “Moving Past Googling It” Companion Post

Just gave a SANS @MIC talk and wanted to share the links to the sites and tools I discussed. A video of the talk is below: https://www.youtube.com/watch?v=BVFhMqktkeE https://osintcurio.us/http://osintframework.dehttp://www.cnn.com/robots.txthttps://www.cisco.com/robots.txthttps://www.apple.com/robots.txthttps://map.snapchat.com/@30.943495,41.053944,3.75zhttps://whatsmyname.app/https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/https://untappd.com/NorthernMonkhttps://untappd.osint.ninjahttps://wifi.xfinity.com/https://viewdns.info/https://www.osintcombine.com/data-visualization-toolhttps://haveibeenpwned.com/https://dehashed.com/https://sans.org/sec487https://github.com/webbreacher/untappdscraperInstant Data Scraper Google Chrome Extension

Tips for first timers attending SANS events

This is a guest post by Ori. In the past 12 months I attended two SANS training events as a Work Study participant and decided to write this post based on my observations. SANS Institute is the biggest player in information security education field with the best and brightest instructors and unmatched content quality. This... Continue Reading →

Bash Prompt -PS1

Some students in my SEC542 SANS class noted the funky Bash shell prompt I have for my terminal windows and wanted me to share it. So, this is a post to share it. My Bash shell prompt is: ┌─[HH:MM:SS]─[hostname: PresentWorkingDirectory] └──> $ and looks like this in the terminal when I took a pic of... Continue Reading →

Mutillidae Session Hijacking Lab

Overview This is a list of steps to perform to perform a web application session hijacking attack against a logged-in user of a web app. It uses the wonderful Mutillidae (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) vulnerable web application for the victim server, Burp Suite (free or pro, https://portswigger.net/burp/download.html) and a web browser (in this case, I've chosen Firefox). Steps... Continue Reading →

Quick post for my current SEC542 Students

Of course if you aren't one of my students you still can read this. 🙂 In class I showed some extra slides on SQL injection. They are here http://www.slideshare.net/webbreacher/sans-night-talk-sql-injection-exploited Additionally, for the RFI (Remote File Include) examples, I showed a text file with the following in it: <?php $command='uname -a;id -a'; echo "Running the '$command' command:";... Continue Reading →

Errata from my SANS SEC542 Class

This post is just a follow-up for things I spoke about during the SANS Rocky Mountain conference held in Denver, CO in June 2014...well...now.MindMaps for Note-takingAs I mentioned in class, one way that I like to organize information during testing and just when taking notes, is in a MindMap format. There are some gorgeous "infographic-type" MindMaps... Continue Reading →

Up ↑

%d bloggers like this: