Maltek Solutions

Security Tip – PayPal Request Scam

There has been an increase in the number of scam emails originating from PayPal. In these instances, the target victim receives an email about a transaction that requires payment. The transaction usually lists some expensive item or items and is meant to evoke a sense of panic due to the transaction amount. The details of […]

SSH Socks Proxying and Burp

There’s no question about it, PortSwigger’s Burp Suite is the de facto tool for testing web applications for security vulnerabilities. It’s far from a “fire-and-forget” tool, which means that it takes a lot of getting used to in order to make effective use of everything that the tool has to offer. Due to its rich feature […]

Know Your Role(s)!

Too often, I’ve started a web application penetration test with one set of user credentials, a target application URL and it’s off to the races. Not long after starting the test, it becomes apparent that I’ll need at least one more set of credentials in order to properly test all of the application functionality. It’s […]