Thursday, October 11, 2018

Saturday, October 6, 2018

Friday, October 5, 2018

Google dorks: SQL injection


Cross-platform post-exploitation tool mainly written in python

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Wednesday, October 3, 2018

Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By

httpd.conf or apache.conf rows: 
ServerSignature Off 
ServerTokens Prod

php.ini row: 
expose_php = Off

The Art of Subdomain Enumeration

Rapid7 DNS dataset

Google Dorking:


Monday, October 1, 2018

popcorn-time: Watch torrent movies instantly

Watch torrent movies instantly

This Popcorn Time service will never be taken down. Download and enjoy.

Using websockets to easily build GUIs for Python programs

Websocket teknolojisinin kullanımı ile alakalı faydalı bir örnek.

nmap options/ideas to avoid Firewall

Packet fragmentation 

Modify default MTU: 
--mtu 24 

Random number of decoys 
-D RND:10 

Change Source port:
--source-port 80 

Append Random Data to Packet: 
--data-length 25 

MAC Address Spoofing 
--spoof-mac Dell/Apple/3Com

Monday, September 17, 2018

how uninstall tuntap driver on macos

What is it?

The TunTap project provides kernel extensions for Mac OS X that allow to create virtual network interfaces. From the operating system kernel's point of view, these interfaces behave similar to physical network adapters such as an Ethernet network interface. However, the virtual interface does not send the packets into a wire, but makes them available to programs running in the system.

I want to remove the software from my computer. How do I do that?
Unfortunately, Apple's installer packages do not provide a way to remove software. Therefore, you will need to delete the files manually. Just remove the following directories (you need to do this with Administrator privileges):


Thursday, September 13, 2018

OWASP AppSec Europe 2018 archives

OWASP AppSec Europe 2018 archives

  • "Adding Privacy by Design "by Sebastien Deleersnyder - Slides
  • "A View from Above "by Chris Horn - Slides
  • "Current Research and Standards "by Charles M Schmidt - Slides
  • "Deconstructing Threat Modeling "by Ciaran Conliffe - Slides
  • "Development to Risk Management "by Johanna Curiel.key - Slides
  • "Regular to Enterprise Ready "by Ovidiu Cical - Slides
  • "Seconds out "by Etienne Greeff - Slides
  • "Security is Everyone's Job "by Tanya Janca - Slides
  • "Threat Modeling for IOT "by Dan Cornell - Slides
  • "Threat Perspectives "by Jacky Fox and Gina Dollard - Slides
  • "A Methodology for Assessing "by Pedro Fortuna - Slides
  • "Building Secure ASP NET "by Niels Tanis - Slides
  • "Cross Application CSRF Protection "by Egor Balyshev - Slides
  • "Injecting Security Controls "by Katy Anton - Slides
  • "Oauth is DAC "by Johan Peeters - Slides
  • "Patterns in Nodejs "by Chetan Karande - Slides
  • "Remediate the Flag "by Andrea Scaduto - Slides
  • "Secure Software Development "by Damilare D. Fagbemi - Slides
  • "Unicode The Hero or Villain "by Pawel Kawczyk - Slides
  • "Usable Security "by Achim D. Bruker - Slides
  • "Gamifying Education "by Max Feldman and John Sonnenschein - Slides
  • "Buiding an AppSec Program "by Chris Romeo - Slides
  • "Building a Valid Threat Library "by Tony Ucedavelez - Slides
  • "Detecting and Preventing "by Lieven Desmet - Slides
  • "Docker 201 Security "by Dirk Wetter - Slides
  • "Gamifying Developer Education "by Max Feldman and John Sonnenschein - Slides
  • "Jumpstarting Your DevSecOps "by Jeff Williams - Slides
  • "Making Continuous Security "by Matt Tesauro and Aaron Weaver - Slides
  • "Securing Containers "by Jack Mannino and Abdullah Munawar - Slides
  • "Exploiting Unknown Browsers "by Gareth Heyes - Slides
  • "FIESTA "by Jose Selvi - Slides
  • "Outsmarting Smart Contracts "by Damian Rusinek - Slides
  • "Secure Messengers "by Jeremy Matos and Laureline David - Slides
  • "The Last XSS "by Jim Manico - Slides
  • "WAF Bypass Techniques "by Soroush Dalili - Slides

Saturday, September 8, 2018

Saturday, May 26, 2018

#pentest find passphrase on encrypted ssh private key

root@kali:/home/userx/.ssh# ssh2john id_rsa > id_rsa.jtr-hash

root@kali:/home/userx/.ssh# john id_rsa.jtr-hash
Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA 32/32])
Press 'q' or Ctrl-C to abort, almost any other key for status
starwars         (id_rsa)
1g 0:00:00:00 DONE 2/3 (2018-05-26 22:00) 7.692g/s 96461p/s 96461c/s 96461C/s starwars
Use the "--show" option to display all of the cracked passwords reliably
Session completed

root@kali:/home/aokan/.ssh# john --show id_rsa.jtr-hash 

1 password hash cracked, 0 left

Thursday, May 3, 2018

Penetration Tester's Subdomain Enumeration Guide

Tuesday, May 1, 2018