This is the final Captain's Log of 2020. I think I will keep doing this monthly but go me. I have managed this for 12 straight months. The Good 10k Step Challenge - I have plodded 10 thousand steps a day. Every single day for over a year. The vast majority of that in a… Continue reading Captain’s Log: December 2020
In this blog post I will introduce you to a few Firefox Add-Ons which are useful when assessing the security of web applications. There are many, many more Add-Ons that people swear by, but these ones help me out a lot. To test a web application you are going to need a web browser to… Continue reading Firefox Add-Ons that you actually need
Swurg is a Burp Extender designed to make it easy to parse swagger documentation and create baseline requests. This is a function that penetration testers need if they are being asked to test an API. Our ideal prerequisites would be: A Postman collection with environments configured and ready to go valid baseline requests. Ideally setup… Continue reading API testing with Swurg for Burp Suite
Your website only has TCP 443 open and has a bulletproof TLS configuration. I hear you scream that I cannot middle your users to exploit them! On the surface of it you are correct. Let me lay out some basics, explain how we got here, and then show you that you are incorrect. We can… Continue reading Preload or GTFO; Middling users over TCP 443.
The Good 10k a day steps challenge - I have managed this every day again. That-is-11-months. Almost an entire freaking year. If I get to Christmas eve I will have actually done something I said I would do. Which in this whole crazy wreck of a year is something to be celebrated. 150 active minutes… Continue reading Captain’s Log: November 2020