Installing Hashcat with AMD Radeon drivers on Ubuntu Linux

Summary This post describes how I got the latest build of Hashcat working on a newly installed Ubuntu 20.04.4 LTS. History My previous password cracking rig was a 2009 Mac Pro with an AMD Radeon RX580 and this proved a fast and reliable platform for several years until I upgraded the MacOS version to 10.15 (Catalina) after which hashcat started throwing runtime errors like:
Read full post gblog_arrow_right

Kiterunner - an API scanner

Kiterunner is a context based webscanner that uses common api paths for content discovery of an application’s api paths. Example usage: kr scan https://example.com -w ~/kiterunner/routes.kite kr scan https://example.com -w ~/kiterunner/routes.kite --ignore-length=1234

Book Review - Hacking APIs by Corey Ball

Title : Hacking APIs - Breaking Web Application Programming Interfaces Author : Corey Ball Date : April 2022 ISBN-13: 9781718502444 Link: https://nostarch.com/hacking-apis Our penetration testing engagements web applications increasingly involve URLs with /api/ in their path. Of course these can be tested just like any other URL but it became obvious that there are subtleties to testing APIs that required a new set of testing methods. This book promises to provide a thorough grounding in API testing.
Read full post gblog_arrow_right

Jason Haddix's Bug Hunter's Methodology

On 3 May 2022, @Jhaddix tweeted about his Bug Hunter’s Methodology Application Analysis v1. This led me to his original guide titled "(4.02) to The Bug Hunter’s Methodology" which can be downloaded from Google Docs. A great overview of tools and techniques.

Testing for F5 Networks BIG-IP vulnerability (CVE-2022-1388)

Background CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was disclosed publicly on 4 May 2022. Links https://arstechnica.com/information-technology/2022/05/hackers-are-actively-exploiting-big-ip-vulnerability-with-a-9-8-severity-rating/. Testing A bash script to test for CVE-2022-1388 was published at https://www.
Read full post gblog_arrow_right