Welcome! If you’re here it is probably from seeing the #Hack365 project I have been working on since the day after DefCon 30 in 2022. I might sometimes post other things, but until DefCon 31 that’s the daily plan.
Gonna get a small pitch out of the way: I wrote a book and you might like it.
Fishnet And You
TL;DR – This post aims to answer a lot of these questions: It is absolutely a work-in-progress and will be updated as I learn things. FAQ: Do I need a NetworkBehaviour on everything? Nope! The only times you really need a NetworkBehaviour are: How can I handle network events without…
Tool Update – Scoper v1.1.0
TL;DR – Scoper v1.1.0 adds a new Interactive Mode which is a looped console allowing you to just punch in a target and get a response. Good for quick-scoping. Scoper v1.1.0 was released recently adding a new -i / --interactive switch. Calling this will enter you into a REPL-like loop…
Tool Release: Scoper
TL;DR: Scoper helps pentesters stay in-scope by letting them quickly compare given IPs or hostnames against the configured scope list. Targets can either be in-scope, specifically excluded, or out-of-scope. Get it here: https://github.com/TactiFail/Scoper On various internal network pentests in the past, my client-provided scope has looked something like this: which…
What Happened in 2023?
A lot! TL;DR – Health anxiety, game development, and… Swedish? In my last post, way back in November 2022, I shared a bit about why I was ending my attempt at documenting “One hack per day for 365 days”. It was, as with most of my ideas, probably firmly rooted…
Hack365 – Day 97
TL;DR – Another “State of the Hack365” post Back on Day 45 I posted about the future of the Hack365 project, how I felt I was doing, where I felt it was going, etc. Some of the things I said were: Yes, I am going to try to post something…
Hack365 – Day 96
TL;DR – More Prototype Pollution learning In a previous post, I went over some of the reading on Prototype Pollution, a tricky vulnerability that sometimes shows up in JavaScript libraries. Today, I did the first of the labs, found here: https://portswigger.net/web-security/prototype-pollution/finding/lab-prototype-pollution-dom-xss-via-client-side-prototype-pollution I’ll be honest, I had to use the guides…
Hack365 – Day 95
TL;DR – I am on Mastodon! https://infosec.exchange/@tactifail Pretty much title. Another busy day, BUT: So yeah! All good things, mind is definitely more at ease. If Twitter hits the shitter, find me here: https://infosec.exchange/@tactifail
Hack365 – Day 94
TL;DR – Revisited the Prototype Pollution JavaScript vulnerability I forget where, but recently the Prototype Pollution JavaScript vulnerability came back onto my radar. It wasn’t something I had a ton of experience with so I decided to revisit it. My reading from today, in order: I’m going to let my…
Hack365 – Day 93
TL;DR – LEVERAGE Today was another “nothing got done” day because I spent most of it on various phone calls. HOWEVER In the spirit of hackery we did start season 2 of Leverage: Redemption and I was very happy to see Hardison back in action, even if just for the…
Hack365 – Day 92
TL;DR – Today was very nearly a zero day And I don’t mean 0day. Life took a different direction today than I’d have preferred. Ended up spending much of it in the hospital for what I am really hoping isn’t cancer. Won’t know until later in the week. Got back…