Ruby
How to scan for cybersecurity risks on every commit with CodeSec & Git Hooks
Good programmers are lazy ...
Eureka! How Pulumi Brought Sanity to Our DevOps Team
I started out my professional career as a software developer then became a DevOps engineer. (Get it? It’s a joke.) The irony is that DevOps is not an engineering discipline at all, ...
Verifying NTP Reserved Mode Denial of Service Vulnerability
I recently needed to check a NTP Reserved Mode Denial of Service vulnerability CVE-2009-3563, but without causing the DoS condition on the production server. Using Metasploit’s auxillary module auxiliary/dos/ntp/ntpd_reserved_dos was not an option ...
Sqlitespy for Sqlite Database analysis
Sqlite is the ubiquitous database for mobile applications on iPad, iPhone and Android. It is also used by certain internet browsers, web application frameworks and software products for their local storage needs ...
Decoding BigIP Cookie
BigIP cookie contains internal network IP and port information in encoded format. When decoded, these cookies can help create an internal network map with potential web server IPs and their ports. F5 ...
Breaking A Weak CAPTCHA implementation
A while back I came across a web application that implemented captcha to prevent automated form entries. The captcha was weak and could be easily solved. Below I summarize the steps followed ...
Just the Facts Ma’am
Sometimes when you're testing it's good to be able to quickly get a feel for where to focus your attention or to get an overview of all the ports you've got open, ...
Ruby and OpenSSL Based SSL Cipher Enumeration
In this post, we will write our bare bones Ruby based SSL cipher enumerator to enumerate SSL cipher suites supported by a webserver. Without further delay, lets get started.Basics:The first step of ...
