Your hand is in the cookie jar

Categories
OWASP Mth3l3m3nt, Uncategorized, Web Attacks, webdev

It’s been a while since my last “confession”. So today I’m here to tell you that sadly “I placed my hand in the cookie jar”. Pfffffffft!!!!! There’s a nifty new feature in the OWASP Mth3l3m3nt framework that you just might love; it was inspired by pentest tools. It aims to give potency to Cross Site Scripting […]

Man In The DOM (MiTD)

Categories
Injection, Projects, Uncategorized, Web Attacks

You are in the middle of an assessment, and things are thick. SE is the only option but you are short on time. Users, however, are sloppy, and the question begs to be asked: What’s the worst that could happen on an unlocked screen for a few minutes? Well, take these pointers at hand: Users Leave […]

Password Field Unmasker

Categories
Uncategorized, Web Attacks

When performing a penetration test on web applications, especially on form fields that deal with password functions (e.g. database configuration forms, user listing pages), you may want to know whether the application echoes back the password in plain text, which is usually a bad practice. It is particularly useful in mass revealing of […]

Installing OWASP Mth3l3m3nt Framework on Linux

Categories
OWASP Mth3l3m3nt, Uncategorized

The installation of Mth3l3m3nt has been made as easy as possible. The first step, though, is getting the server configuration to work well to achieve three things: disable directory listing; enable Htaccess overrides; allow includes and symlinking for dynamic routes to work. This can all be found in the article here. Alternatively watch the video […]

HackBattle 2015 – Scenario 1 – Part 1

Categories
ctf, HB 2015, Uncategorized, Web Attacks

The HackBattle this year was themed ROTT (“Rampage of the trolls”). The infrastructure is courtesy of Azanuru Technologies. It was announced on various platforms on social media for people to participate in over a period of 4 weeks. This was testing key skills including The main aim was to help people understand how to develop […]