odle ruby gem: piping security data
I recently (May 2018) published odle [https://github.com/BuffaloWill/odle] which
is a Ruby gem and binary that takes XML data from various security
Exploiting CVE-2016-4264 With OXML_XXE
Recently ColdFusion was shown vulnerable
[http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt]
to XXE based attacks in OXML documents; CVE-2016-4264
[https://cve.mitre.org/cgi-bin/cvename.
Finding Hosts Using SSL Certificate Organization And Censys
Finding hosts or domain names associated with a company where the domain name
does not include the name of the company can sometimes be difficult.
Exploiting XXE In File Upload Functionality
Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In
File Upload Functionality”.
https://www.youtube.com/watch?v=LZUlw8hHp44
Cloud Metadata URL List
I landed the SSRF Cloud Metadata technique in a few different scenarios
recently. If you haven’t seen the talk BHUSA 2014 - Bringing a