Search Results
79 total results found
Life Shelf
Tech Shelf
All things techie?
Not Categorized
Who knows or Can't decide or keeps looking for a home
Helpful Suggestions
That all of us could use in this journey.
Clark Ashton Smith Poetry
Bug Bounty Path
This is a start on documenting my process. The goal is automation... maybe.
Life in General
These helpful suggestions are for life. Nothing in particular, just life.
Geek Stuff
This is a working chapter
Introduction
Sample Works
Find Subdomains
DNS, HackerOne, Fuzzing, and the like....
Name Service Takeover
Look for takeover
Wayback for URLS
Port Scanning
nmap, masscan
GitHub Recon
What is it and how do you do it?
WebApps Opportunities
Focus on Web Applications Vulnerabilities
Technical OSINT Tools
Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence.
WebApp Tools
End Point Discovery
Mitre ATT&CK: Recon
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This informat...
Suggestion 1
Proper Preparation and Testing Practicing Due Diligence Coupled with the cleaning And reasonably solid Idempotency Helps the day Don't you know.
Suggestion 2
Documentation: This is one of the primary keys to happiness. Yet so many of us fight it. Dr Brooks said it well in his book "The Mythical Man-Month": A basic principle of data processing teaches the folly of trying to maintain independent files in synchoni...
Introduction
Welcome to my thoughts, ideas and dreams. As I wander things are discovered that should be documented.
Networking
Testing tables here Networking is fun Use cell properties to align side to side or up and down.
Bacchante
Bacchante - Clark Ashton Smith: Men say the gods have flown; / The Golden Age is but a fading story, / And Greece was transitory: / Yet on this hill hesperian we have known / The ancient madness and the ancient glory. / Under the thyrse upholden, / We have felt the t...
Why this is here
I am testing how to organize my notes. I need to be able to group, search, present an API and have some control on distribution. I don't want to write it myself. To that end I have settled on my exploration of the writings of Clark Ashton Smith. As W...
FFUF Tool
https://github.com/ffuf/ffuf ffuf - Fuzz Faster U Fool A fast web fuzzer written in Go. Installation Example usage Content discovery Vhost discovery Parameter fuzzing POST data fuzzing Using external mutator Configuration files Help In...
Cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy (SOP). However, it al...
Password Reset Vulnerability
Password reset poisoning is a technique whereby an attacker manipulates a vulnerable website into generating a password reset link pointing to a domain under their control. This behavior can be leveraged to steal the secret tokens required to reset arbitrary u...
SNMP and HOST Header Injection
How to Test: Initial testing is as simple as supplying another domain (i.e. attacker.com) into the Host header field. It is how the web server processes the header value that dictates the impact. The attack is valid when the web server processes the inpu...
Clickjacking via IFRAME
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, tran...