Retrieving Google Task Data
Working in a cloud environment, like C-suite, can be very convenient. They provide lots of functionality and tools to get the job done with supporting APIs to programmatically leverage them. […]
How To
Flipper Fanclub: Part 1 – Flipper Zero Pentesting
WELCOME TO THE FANCLUB! Part 1 of the Flipper Fanclub Series will be going over the Flipper Zero tool. We will discuss what it is, how to use it (from […]
How To Pick A Tubular Lock
Tubular Lock The tubular lock has many different names including: circle pin tumbler lock, radial lock, or ace lock. The tubular lock consists of multiple stacks of pins in a […]
Exploiting Oracle Databases With ODAT
ODAT ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]
Boo Language
Knock, knock! Who’s there? Boo! Boo who? It’s Boo language, the spooky dead language that you may not have heard about. It is a language for .Net with a clean […]
Blind XSS & GCP Functions: GCPXSSCanary
An Intro to Blind XSS & Secure GCP Functions During a recent engagement, I ran across an instance of potential Blind Cross-Site Scripting (XSS) while pentesting a web application. I […]
Burp Suite Macros – Reshaper Guide
Burp Suite Macros If you’ve performed web application pentests with Burp Suite for a while, you’ve certainly come across applications that don’t play nicely with Burp Suite’s out-of-the-box scanning. Perhaps […]
GraphQL Batching Attacks: Turbo Intruder
Exploiting GraphQL Batching Attacks Using Turbo Intruder What Are Batching Attacks In GraphQL? GraphQL allows for multiple queries to be sent to the server in one single request in order […]
Automating Authorization Testing: AuthMatrix – Part 2
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
OSINT Challenge: Hacktoria Geolocation 16
What Is OSINT? For those who aren’t familiar with the term, OSINT stands for Open Source Intelligence. This refers to the use of data collected from open or publicly available […]