There is a distinct, suffocating modern aroma that smells remarkably like a blend of freshly minted crypto, expensive cologne, and the distinct, stale scent of a Sunday pew that hasn’t seen an honest tear since the Eisenhower administration. We are currently expected to bow our heads to a rather peculiar trinity: Capitalism, Christianity, and Patriotism. Read More …
SSTI – Server-Side Template Injection
One vulnerability in the world of web development to be aware of is Server-Side Template Injection. This type of vulnerability can have serious implications for web applications and services, especially those that serve mobile applications. What is SSTI? Server-Side Template Injection occurs when an attacker is able to inject malicious code into a template on Read More …
Tool Overview :: DNSDumpster
DNSDumpster is a free, web-based domain research and reconnaissance tool used to discover an organization’s internet-facing assets. In information security, it is categorized as a passive reconnaissance tool, meaning it gathers information from existing public records without directly interacting with the target’s servers. For a new security professional, it serves as an essential utility for Read More …
SCP – Service Control Policies
Service Control Policies are a feature of AWS Organizations that allow administrators to manage permissions across multiple AWS accounts in a centralized manner. SCPs provide a way to define the maximum available permissions for accounts within an organization, ensuring that security and compliance requirements are met while allowing flexibility in resource management. Organizations can enforce Read More …
Tools – validin-phish-feed
The validin-phish-feed is a GitHub repository that provides a feed of phishing domains, curated by the Validin Threat Intelligence Platform. Validin is a company that specializes in internet intelligence, offering services for threat hunting, brand protection, and incident response. Their platform aggregates and analyzes vast amounts of DNS data, host responses, certificates, registration data, and Read More …
Tool Overview :: altdns
While tools like subfinder or amass are excellent for finding known subdomains through public records, they often miss “hidden” environments like development servers or internal staging areas. This is where altdns becomes an essential part of the security toolkit. What is Altdns? Altdns is an open-source DNS reconnaissance tool designed to discover subdomains that follow Read More …
The Neon Jungle and the Shrinking Ballot
Listen, I’ve seen the seasons turn from the red clay of Kansas to the steel-grey skies of Harlem, and I have maybe at least learned one thing in my life: Today the song of liberty sounds a lot like a cash register if you listen close enough. Today, we’re living in a high-speed, digital age Read More …
RDP – Remote Desktop Protocol
Remote Desktop Protocol is a proprietary protocol developed by Microsoft that allows users to connect to and control or manage a computer remotely over a network connection. RDP is commonly used in Windows environments, enabling users to access their desktops, applications, and files from anywhere, as long as they have an network connection. This technology Read More …
Fast and Furious Frank Speaking Chickens
Furious Frank is a Chicago-based ensemble known for a high-energy, eclectic sound often described as “gypsy-carnival rock” or “alt-Americana”. They are recognized for their theatrical and genre-bending performances that blend rock with folk, blues, and world music elements.
PQC – Post-Quantum Cryptography
The Quantum Clock is Ticking Most of our digital security rests on a mathematical “hard problem”: factoring massive prime numbers. For a classical computer, this task is like trying to find a specific grain of sand on a beach, it’s technically possible, but it would take longer than the age of the universe. However, a Read More …