Post by (@david-maas) on Tue, 05 Jan 21 03:51:59 +0000 View Full Post Pro-tip of the day: If your password is really hard to type and you get it wrong frequently, then you may have misspelled one of the words in it.
Post by (@david-maas) on Thu, 31 Dec 20 01:42:37 +0000 View Full Post I really shouldn't be that proud of a hack this simple, but I read "The Web Application Hacker's Handbook" a few months ...
Post by (@david-maas) on Mon, 14 Dec 20 21:01:52 +0000 View Full Post FireEye released some information about their penetration testing team, including the top 16 exploits used! Good to know. From: https://github.com/fireeye/red_t...
Post by (@david-maas) on Wed, 21 Oct 20 22:01:43 +0000 View Full Post The NSA released a list of the top 25 known vulnerabilities used by Chinese state sponsored hackers. The first couple are sort of obvious, but futher down ther...
Post by (@david-maas) on Mon, 14 Sep 20 19:32:59 +0000 View Full Post Public CVEs being used by Chinese Govt hackers to get past perimeter defenses: https://www.zdnet.com/article/cisa-chinese-state-hackers-are-exploiting-f5-citrix...
Post by (@david-maas) on Tue, 18 Aug 20 01:24:28 +0000 View Full Post I was looking for a copy of the new TeamTNT worm since it's written in bash, and I noticed that while it mines credentia...
Post by (@david-maas) on Wed, 13 May 20 21:09:36 +0000 View Full Post Top most exploited vulnerabilities by CVE, according to various parts of the US govt: https://www.zdnet.com/article/dhs-cisa-and-fbi-share-list-of-top-10-mos...
Post by (@david-maas) on Fri, 03 Apr 20 15:51:53 +0000 View Full Post Link to javascript code for uploading a shell to wordpress via an XSS: http://dumpco.re/blog/xss2rce
Post by (@david-maas) on Mon, 16 Mar 20 22:08:24 +0000 View Full Post I just read (reddit/r/asknetsec) about a way of unmasking Wordpress sites behind load balancers that requires no SSL sea...
Post by (@david-maas) on Fri, 07 Feb 20 19:58:03 +0000 View Full Post There's a pretty interesting post about a Craigslist Rental Scam that includes a lot of information about a solid social engineering attempt. It's got a few soc...
