Sprocket Security's Director of Technical Operations reveals how Domain Admin access was gained through overlooked misconfigurations and intricate attack paths, with both insight and humor.
Resources
Blog
Nicholas Anastasi
Blogs by Nicholas Anastasi
This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI interfaces, Rich logging, and integrated dependency management using Poetry, Snickerdoodle allows security professionals to focus on coding rather than boilerplate setup.
403 status code bypasses might seem niche and impractical at first glance, but they can be surprisingly valuable for uncovering vulnerabilities at scale. This blog delves into the nuances of 403 bypass techniques, exploring how tools like Nuclei and Burpsuite can be leveraged to identify hidden admin panels and other restricted areas, even when traditional methods fall short.
Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying.
Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in the toolkits of penetration testers and bug bounty hunters. Now more than ever, technology plays a vital role in cybersecurity practices.
How to create a CVE Trends Command Line Tool and be notified in Slack via Webhooks.
