What if you could have hundreds of websites from which to launch an encrypted cross-site-scripting attack? What if the webservers could store the XSS attack code for you but could not decrypt it? What if the encrypted code could be set to expire after a set time or immediately after… Continue reading
Search this site
Check out my other project…
- Create an EC2 that runs Chrome for sandboxed websurfing
- Check Multiple AWS S3 Buckets for Missing Default Encryption
- The Equifax Data Breach and the Apache Struts Vulnerability
- Test Early, Test Often
- Linux Hardening
- Information Security at Startup Companies
- Timestamp bash_history with every command
Why didn't someone think of this before? --> Chrome Limits Websites' Access to Private Networks for Security Reasons https://thehackernews.com/2022/01/chrome-limits-websites-access-to.html
My long awaited updated complimentary Mini Course on Infosec Consulting is now ready - it's been 2 years since I updated and ran this free mini course. I answer the most common questions like "How to get clients" and "How to set pricing" and more.
Just finished another amazing week of SEC510 at SANS Cyber Security East: Dec 2021 and am proud to announce our CloudWars CTF winners: Stephen Bernard (1st place); Mathew Dilmaghani (2nd place); and Benjamin Fielden & Kyle Weeks (Tied for 3rd). Congrats gents!!