Another good run at BlackHat came to an end. I always wanted to write about what goes behind the scenes. This year I was leading the AIH 4-day edition and then was supposed to do a talk on DevSecOps: What why and how. most of it is outlined https://www.notsosecure.com/hackersummercamp-2019/ however I wanted to focus on …
Recently i was asked to help someone run vagrant ansible combination on windows. Its a fun experiment coz ansible never claimed to support windows as control device and the solution [partial at this point] is a series of workaround and gotcha’s that i have listed so far. I want to make sure i don’t lose …
Vagrant + Ansible on windows: my experiments so far Read More »
While building Vulnerable Docker VM, I encountered some interesting behaviour from PHP meterpreter shell. This blog post documents what was identified as issues and what were the solutions for the same.
Chris gates at Carnal0wnage wrote a thought provoking article today and raised couple of questions. This topic is something i definitely have been thinking for past couple of years. Here are my thoughts outlined with respect to various questions asked. Before i answer these let this be very clear, the answers are my own and …
Response to : Vulnerability Disclosure, Free Bug Reports & Being a Greedy Bastard Read More »
TLDR: A wannabe defender trying to reason with the world that only appreciates pentesters
TL;DR: how to setup hunch.ly within Chromium browser along with various quirks. Hunchly by Justin Seitz is one of the recommended tools when it comes to OSINT related work. However I was attracted to hunchly for its capabilities specially saving all browsed pages in a session. So long story short after a bunch of email …
Most of the time when we type ipconfig / ifconfig we are looking for a very simple information i.e. what’s the ip address and which interface is up and running. So here is another simple script that i write in both shell script and batch file format to ensure that i can extract the basic …
With all the hype and craze around HTTP/2 and various TLS Versions, there is one questions which appears every now and then. I am doing all this upgrading versions allowing new ciphers enabling https etc, but is anyone using them. Also with PCI mandate of closing TLS 1.0 and TLS 1.1 looming large, we need …
Monitoring HTTP and TLS Versions in use via Awstats Read More »
Another Script i wrote long back and have been using to in various capacities. This script allows you to quickly generate various types of hashes for a specific string.
TL;DR: 5-line custom iterator over a file and executing command per line. Here is a custom helper script that i have written and been using for a very long time. Sometimes something so simpler in nature could very well be useful a lot of times that you feel like sharing it out with everyone.