Most of the penetration tests that I did so far, are Web Applications, since even if it is a thick client application, the functionality of it is heavily based on HTTP communication, using API calls or some times, even just having the mobile view of the website inside a WebView.
Everyone who doesn’t live under a rock, knows and probably used Burp Suite, by PortSwigger. Recently a Beta 2.0 version was released with multiple new features and a new dashboard to control all the processing running, from one tab. In this post I will write about some features of Burp, that I found useful and I use almost daily to make my life easier.
My main device is a MacBook and the player I usually used was VLC. VLC is easy to use and it has been here for all these years, but it was time for a change. Recently I switched to
mpv, that is flexible, customizable and open source.
Recently a friend of mine told me about Project Sonar by Rapid7. The purpose of this project is to enumerate as many as possible services online.
Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.
Recently I faced a situation that a website allowed the use of Server Side Includes. This was something new for me because I didn’t know many things about it and what payloads I could use. Luckily
I know there are multiple tutorials online on how to customize the prefix on a Terminal on MacOS but I wanted to write about it so I will remember it. When you do a clean install of
Google Scholar is a great source for every student or researcher to find some infos about the domain they are working for, you can find papers from thousands of libraries and
A couple of years ago I developed an app that was click based with text and what you had to do was to collect as much money as possible in order to buy new buildings and things like that. What I didn’t think of (then) was that some time since you get such a big income
Today I was playing with Spotify and while I was browsing the Cache folders, I found out that the content of these folders is in hex format. The only thing I could see