This guide can be used when the goal is to modify the source code of the resource JARs used by a Java application that is launched via a JNLP file. The below guide assumes the application uses HTT...

Collection of different things to try when attempting to breakout of a Windows environment such as Citrix, AWS AppStream, CyberArk PSM, etc. General Tips & Ideas Dialogs He...

Collection of tools, techniques, and payloads for external information gathering when performing an external security assessment. Subdomain Discovery & Enumeration Find Certifica...

General encoder (and decoder) that can be used for various common encoding methods. Currently included decoding functions: Base64 HEX URL HTML ROT-N (1-25) Atbash String Reversal ...

This page contains information and commands about viewing and clearing the DNS and ARP caches on Windows computers, as well as the hosts file. Hosts File DNS Cache (CMD) View DNS C...

This post contains recommendation summaries for password security and cryptographic topics including password complexity & storage, hash functions, symmetric & asymmetric encryption, MACs, ...

This tool generates a list of sequential payloads starting and ending at the specified numbers. These values can be arbitrarily large and outputted as integers, HEX values, or base64 encoded string...

This is a tool for breaking the encryption of messages that have been XOR encrypted using a repeated key. This method uses statistics (letter frequencies and use of common words, bigrams, and trigr...

This post will cover how to crack Wi-Fi passwords (with Hashcat) from captured handshakes using a tool like airmon-ng. Install hcxtools Extract Hashes Crack with Hashcat Install hcxtools ...

This post will show how to get started using aircrack-ng to discover wi-fi networks, capture handshakes, deauth clients, and crack passwords. Setup airmon-ng Install aircrack-ng Suit...

This post will look at how browser cookies work when used on different subdomains and on different ports. Short Answer & Summary Cookie without Domain Attribute Same Domain Dif...

In this post we’ll look at some cool algorithms, methods & formulas that solve interesting problems. Fibonacci Sphere Example Code Sphere Projection UV...

Introductory guide on how to use Frida to analyse iOS applications at runtime to perform actions such as search for methods, hook methods, view & modify instructions, and view & modify regi...

In this post we’ll cover how to attack an oracle function that encrypts user supplied data concatenated with an unknown string under ECB mode while using a constant but unknown key. This post will...

In this post we’ll cover how to decrypt messages that have been XOR encrypted using a repeated key, such as 84 d2 7a 09. The method we’ll be using to break the encryption uses statistics (letter fr...