passkwall.net

Hacking, Red Teaming, Offensive Engineering

Category: Tools

Pentesting Tools

Visualizing Network Scans and Identifying Relationships with Neo4j

Posted on March 11, 2022 (updated March 13, 2022) by passkwall

Networks can be gigantic, period. Scanning from different network vantage points can also be challenging. The more and more I started getting into the weeds of a network using Masscan and Nmap, the harder it was for me to make visual sense of its topology. Sure, I could use spreadsheets like everyone else but this…

Leveraging Postman Collections for Offensive Webapp Testing

Posted on August 12, 2021 (updated April 7, 2022) by passkwall

I was recently in an engagement with a web application that was interconnected with about half a dozen services while offering up a few dozen API routes that had to be tested within three days. As I stared at the flow chart provided and tried to gather an understanding of what I needed to test…

How to configure Android Studio with BurpSuite

Posted on July 11, 2021 (updated April 7, 2022) by passkwall

Let’s say you’ve been assigned some mobile work. You’re a pentester, mobile developer, or just a tinkerer who needs to be able to see traffic flowing to and from your Android device. Chances are you’re going to want to use BurpSuite to help make your life a little bit easier. Problem is that the instructions…

Timing-Based Username Enumeration: What’s a fix versus mitigation?

Posted on July 7, 2021 (updated April 7, 2022) by passkwall

For web-based applications, Timing-based Username Enumeration is a great find. For testers it’s low-hanging fruit and a great way to enumerate valid accounts for password attacks or social engineering. For engineers, fixing can be a pain in the rear end. Recently, I had an interesting debate with a coworker after writing a re-test report for…

© 2023 passkwall.net