Recently the NSA released a repository on guidance for mitigating web shells. The repo contains a number of signatures and tools to help mitigate web shells and provides some valuable insight on how APT's are using advanced webshells in their…
Standard BurpSuite Config
Proxy Tab This is the single most important tab in BurpSuite. The proxy tab allows you to monitor the flow of application traffic while making notes. I use several extensions such as 'Scope Monitor' which greatly help organize the content.…
Appsec Kickoff Calls
Kickoff Call Every application penetration test you perform should be accompanied with a kickoff call to understand the scope, timeframe, and objective of the test. Here are the typical questions I ask during these calls. The goal of your kickoff…
Tweaking Aquatone: ReClustering
Aquatone is one of my favorite tools for performing recon against a wide range of web servers and it's goal is to capture screenshots of the applications running on the web servers, categorize them based on similarity, and output a…
XSS Tools #1 - SleepyPuppy
SleepyPuppy is a Cross-Site Scripting (XSS) management tool which is not only full of features and customization options, but also has a really enjoyable name. SleepyPuppy was originally developed by the Netflix Skunkworks security team released back in ~2015, and…
General Approach for XML External Entity (XXE) Testing
There's a bunch of articles floating around the internet on XML External Entity (XXE) Injection which typically describe various payloads, attack vectors, and general use cases when it comes to this fun vulnerability. However, back when I was first learning…