Posts

URL Syntax https://admin:[email protected]:80/bio.txt;pp=1&qp=2#Three URL Part URL Data Scheme https User admin Password pass123 Subdomain www Domain example.com Port 80 Path /bio.txt Path Parameter pp=1 Query Parameter qp=2 Fragment Three Safe Characters RFC1738 section 2.2 outlines the safe characters to use in an HTTP URL Scheme: abcdefghijklmnopqrstuvwxyz0123456789$-_.+!*'(), Safe characters can be used in URLs without any form of encoding as they aren’t reserved for special use in the construction of the URL. ...

Unfortunately, I didn’t arrive at the ballroom early enough to get seats, or even standing room, to see this talk in-person: Ed Skoudis: How To Give The Best Pen Test Of Your Life If you’re a Pen Tester, this talk is a must-see. Once you’ve finished that talk, check out John Strand’s excellent follow-up talk! After competing for Friday night, most of Saturday, and Sunday morning, I emerged as the 30th position (solo) out of the 120 teams competing in the CTF. Not bad, but I want to do better! ...

A mini-list reference for interesting LFI targets

NBNS still works!

Learn how to create a metasploit module

This is a topic I’ve had a love/hate relationship with my entire life. I was once forced to go to a time management workshop on Saturdays in high school. My friend and I spent more time talking to the girls in front of us than actually listening to what the lecturer was saying, so I wonder if I missed out on something there… I still struggle with time management and focusing on one task at a time until completion. Working in an environment in which a given task can be interrupted and superseded at any time is not doing me any favors. This post will cover the tools I’ve found to help me out of this situation I’ve found myself in. ...

Introductory methods for DNS reconnaissance.

Notes from BSides DC 2013

Techniques for performing subdomain enumeration information gathering.

Customize your working environment to your liking