PinnedM CStealing AWS STS keys from Instance Metadata ServiceIMDSv1 is enabled by default on EC2 instances. This article shows exploitation of an SSRF vulnerability to obtain Security Token Service…Nov 13, 2022Nov 13, 2022
M CSearch IPs, domains, hash, OS commands with a single click using a Browser ExtensionBeing a security analyst for almost 5 years allowed me to finally have some form of intuition of the usual steps that need to be taken…Dec 28, 2022Dec 28, 2022
M CReversing the hijacked ua-parser-js’s malware payload (Danabot)The popular NPM package ua-parser-js gathers over 8 million downloads per week, it is used to detect the client’s machine information…Nov 1, 2021Nov 1, 2021
M CHow to quickly subnet IP addressesto be able to subnet IP addresses in under 20 seconds (usually) and perform the calculation purely in your head as opposed to googlingMay 23, 2021May 23, 2021