Categories
Security

Security Black Friday Deals 2020

After a long time of absence, another post for black Friday is here. A selection of the best deals for security analysts and security hobbyists in the Infosec world. Like every year we expect some discounts for security courses, services and I believe there will be even more deals about cloud hosting.

Let’s get straight to the point!

Categories
Security

Security Black Friday Deals 2019

Like every year during black Friday, companies publish new offers to attract people. We are used to see offers every year by services like pastebin, shodan but not this year. Shodan did an one day offer of 1$ for a lifetime registration, a few days ago to celebrate 10 years. Pastebin also didn’t do any offer this year so far, but luckily more offers appeared.

Categories
Security Tuts

Web Application Penetration Testing Methodology

Most of the penetration tests that I did so far, are Web Applications, since even if it is a thick client application, the functionality of it is heavily based on HTTP communication, using API calls or some times, even just having the mobile view of the website inside a WebView.

Categories
Security Tuts

Yuzo Related Posts bug exploited on my blog

So today I loaded my website and while it was loading, I noticed that it wasn’t actually loading my starting page but it tried to redirect me to hellofromhony.com. Of course, it is visible that something was wrong, so using Burp Suite I tried to follow the order of the events in order to understand when the redirection happened.

Categories
Security Tuts

Burp Suite – Battle Royale Edition

Everyone who doesn’t live under a rock, knows and probably used Burp Suite, by PortSwigger. Recently a Beta 2.0 version was released with multiple new features and a new dashboard to control all the processing running, from one tab. In this post I will write about some features of Burp, that I found useful and I use almost daily to make my life easier.

Categories
Security Tuts

Find subdomains using Project Sonar by Rapid7

Recently a friend of mine told me about Project Sonar by Rapid7. The purpose of this project is to enumerate as many as possible services online.

Categories
Security Tuts

Aquatone – npm executable not found

Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.

Categories
Security Tuts

List of SSI payloads

Recently I faced a situation that a website allowed the use of Server Side Includes. This was something new for me because I didn’t know many things about it and what payloads I could use. Luckily

Categories
Security Tuts

How to install Metasploit on Mac OS El Capitan

There were a couple tutorials on the web about how to install Metasploit on Mac OS El Capitan. The orders were to type and type and type commands. The easiest way to do it is by doing a Graphical Installation of Metasploit

Categories
Security Tuts

Hack any device with your Android phone

There are a lot of apps for Android that can help you hack a user. I prefer cSploit. Why? Because it