A simple Python program which aims to give you a database of helpfull commands, references, cheatsheets and tips in an indexed, easy to search format. You can search using one or more of; The command, Tags, URL references, author, date added, or, Comments to get the information you need. It also comes with an Updater, and multiple output formats to make it as handy as possible!
Due to a logic flaw in Oracle's FlexCube Direct Banking application, it was possible to enumerate usernames, and then reset said user password, and transaction pin, granting full access to the victim user's account.
I always come across contain files such as VHD's, OVA's, XVA's and IMG's during tests, and I always forget the exact procedure for converting, and then mounting them in Nix. I will update this over time with mounting different file types encountered. This post will be updated over time whenever I need to mount something new.
The Password station interface does not disable user search functionality, instead it hides the icon allowing unauthenticated users to grab a list of all users able to reset their passwords and any other information stored along with this in AD, it is also possible to veiw the ldap search path.
When scanning a large number of servers it is nice to have a screenshot handy for either quickly flicking through and identifying what's on the server (Page Titles dont always give a good representation of what can be found on the server!).
A SQL Injection was discovered In the Users Ultra Wordpress Plugin (Upto version 1.4.95), in the user gallery section.
I have recently been playing with AFL by Lcamtuf, a high performance fuzzer that is exceedingly efficient at finding problems in code when you either have or dont have the source code.
Just a super quick one today. During a test I noticed some strange behaviour with the standard Hydra which ships with Kali (Version 8.1) when scanning sites with no SSLv3 support.
I Have recently studied for and passed the CREST CPSA Exam, I though I would share some thoughts and my pre-exam revision Notes to help other people thinking of taking this new exam from crest as when looked I could not find much about it!. Note: The Format of the exam is changing very very soon, so this may not be of use to you.
Spacewalk offers the ability to generate and deploy Kickstarts (standard builds, keep an eye on packages that are installed on the system as well as compare any file that is on the remote machine to a local copy, giving I.T management an overview of which systems require patching or are not conforming to standards`. In this post I will go through the kickstart creation process and Spacewalks configuration management.
Redhat's Spacewalk is a management solution to allow controlled patch deployment, maintenance of configuration files, system deployment through PXE for both virtual and bare-metal systems while also offering monitoring of system status, the automatic inventory cataloguing of registered clients and security auditing of systems all in a centralised manner. This post will go through the installation of the program as well as the set up of a repository, PXE booting and client registration.
Just a quick one from me today, I recently got an excellent new laptop, that sadly does not seem to want to dual boot with Fedora, so I have been forced to fall back to just a Windows 8 Machine. A work colleague suggested I give Cygwin a whirl to continue to use all the amazing things Windows just can't do. During the set-up, I got extremely annoyed with the GUI based normal way of installing the environment due to me managing to break Ruby + gems and it taking longer than necessary clicking all the boxes to select the wanted applications, so I made a snippet to make the reinitialization of Cygwin in future much easier. I have moved on since this post to using Hugo instead, as ejekyll no longer works, and Hugo does!