Blog

I've always been more of a coder than a writer so entries here may be few and far between but I do have some ideas for things I'd like to get off my chest so check back occasionally or keep an eye on the RSS feed just in case.

Some recent articles include:

• My CHECK Team Leader Web App Exam - How I found the CHECK Team Leader Web Application exam
• Burp Intruder Attack Types - A description of the different attack modes in Burp Intruder.
• Using decompression to avoid filters - Decompressing data to get it past filters such as IDS.
• Bliss Buggy Push - Photos of my fancy dress buggy push for Bliss and a huge thanks to sponsors and supporters.
• Analysing Amazon's Buckets - Analysis of the content I found when trawling Mobile Me accounts looking for public information.
• Mobile Me Madness - A brief description of how Mobile Me allows access to its file listings and how to interpret them.
• Analysing Amazon's Buckets - This application trawls Amazon's S3 system looking for public buckets and returns a list of the contents of any found.
• Whats in Amazon's buckets? - The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further.
• Going to WAR on Tomcat with Laundanum - Using Laundanum to attack Tomcat servers.
• A little trick to extract FTP details - Setting up fake servers then capturing the clear text.
• Double tunnels to help a colleague in distress - Setting up SSH tunnels to allow external access to an internal network.
• Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam.
• When All You Can Do Is Read - A look at what files are good to try to read when all you have is read only access to a machine, i.e. no directory listing ability.
• Nessus Through SOCKS Through Meterpreter - Nessus Through SOCKS Through Meterpreter - Using a Meterpreter pivot and a SOCKS proxy to run Nessus scans through a compromised machine.
• HTTP Banner Grabbing Beyond The Root - Where do you do your web banner grabbing, just in the root?
• Viewing Pages documents in Linux - A short shell script to display a document created in Pages in Linux
• The Trojan in your pocket - Do you know what your phone is doing?
• Finding "interesting" columns in MSSQL databases - Automating searching through MSSQL databases for interesting data.
• The best scan result ever - This ultrasound scan result beats any result I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy!
• Kismet log manipulation with GISKismet - A patch to GISKismet so it will import Kismet data which doesn't include GPS positions.
• Whats behind the door? - I really want to know what is behind this door!
• Would you give out your password? - A write up of an experiment where I asked a class to give me their passwords.
• #secvidofday - My security video of the day.
• AP Collection - A selection of AP's I tested as part of some rogue AP detection.
• PenTester Scripting - How I got myself into yet another project.
• Gourmet BeEF - A great photo advert for the BeEF project.
• Micro SD Card Reader A quick shot of a new micro SD card reader I got.
• Untrusted VMs - Trojaning VMs and live CDs.
• Cardbus Converter - Convert old PCMCIA cards to PC Express.