Categories
Security Tuts

Web Application Penetration Testing Methodology

Most of the penetration tests that I did so far, are Web Applications, since even if it is a thick client application, the functionality of it is heavily based on HTTP communication, using API calls or some times, even just having the mobile view of the website inside a WebView.

Categories
Security Tuts

Yuzo Related Posts bug exploited on my blog

So today I loaded my website and while it was loading, I noticed that it wasn’t actually loading my starting page but it tried to redirect me to hellofromhony.com. Of course, it is visible that something was wrong, so using Burp Suite I tried to follow the order of the events in order to understand when the redirection happened.

Categories
Security Tuts

Burp Suite – Battle Royale Edition

Everyone who doesn’t live under a rock, knows and probably used Burp Suite, by PortSwigger. Recently a Beta 2.0 version was released with multiple new features and a new dashboard to control all the processing running, from one tab. In this post I will write about some features of Burp, that I found useful and I use almost daily to make my life easier.

Categories
Tuts

Configure mpv on MacOS

My main device is a MacBook and the player I usually used was VLC. VLC is easy to use and it has been here for all these years, but it was time for a change. Recently I switched to mpv, that is flexible, customizable and open source.

Categories
Security Tuts

Find subdomains using Project Sonar by Rapid7

Recently a friend of mine told me about Project Sonar by Rapid7. The purpose of this project is to enumerate as many as possible services online.

Categories
Security Tuts

Aquatone – npm executable not found

Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.

Categories
Security Tuts

List of SSI payloads

Recently I faced a situation that a website allowed the use of Server Side Includes. This was something new for me because I didn’t know many things about it and what payloads I could use. Luckily

Categories
Tuts

Penetration Testing Tools for Mac OS

I was playing with Metasploit Framework and I was using the msfvenom payload. For that purpose I was using Kali Linux as a Virtual Machine, mainly because all the tools are pre-installed there. Running a

Categories
Tuts

Change Terminal prefix on MacOS

I know there are multiple tutorials online on how to customize the prefix on a Terminal on MacOS but I wanted to write about it so I will remember it. When you do a clean install of

Categories
interesting Tuts

Download almost every scientific paper for free

Google Scholar is a great source for every student or researcher to find some infos about the domain they are working for, you can find papers from thousands of libraries and