One vulnerability in the world of web development to be aware of is Server-Side Template Injection. This type of vulnerability can have serious implications for web applications and services, especially those that serve mobile applications. What is SSTI? Server-Side Template Injection occurs when an attacker is able to inject malicious code into a template on Read More …
Tag: 31ric
SCP – Service Control Policies
Service Control Policies are a feature of AWS Organizations that allow administrators to manage permissions across multiple AWS accounts in a centralized manner. SCPs provide a way to define the maximum available permissions for accounts within an organization, ensuring that security and compliance requirements are met while allowing flexibility in resource management. Organizations can enforce Read More …
Tools – validin-phish-feed
The validin-phish-feed is a GitHub repository that provides a feed of phishing domains, curated by the Validin Threat Intelligence Platform. Validin is a company that specializes in internet intelligence, offering services for threat hunting, brand protection, and incident response. Their platform aggregates and analyzes vast amounts of DNS data, host responses, certificates, registration data, and Read More …
RDP – Remote Desktop Protocol
Remote Desktop Protocol is a proprietary protocol developed by Microsoft that allows users to connect to and control or manage a computer remotely over a network connection. RDP is commonly used in Windows environments, enabling users to access their desktops, applications, and files from anywhere, as long as they have an network connection. This technology Read More …
SSH – Secure Shell
SSH, or Secure Shell, is a network protocol that allows users to securely access and manage devices over a network. It is widely used for remote administration of servers and network devices. SSH provides a secure channel over an unsecured network by using encryption, which protects the data being transmitted from eavesdropping and tampering. Key Read More …
Tool Overview :: subfinder
In our journey through DNS discovery, we’ve used active tools like dnsrecon and dnsenum that directly “touch” a target’s infrastructure. While effective, active probing can be noisy. To stay under the radar while gathering a massive footprint, we turn to subfinder. As of 2026, subfinder remains the gold standard for passive subdomain discovery. Developed by the Read More …
Fine-Tuning an AI
We’ve talked about grounding (giving an AI a textbook to look at) and prompting (giving an AI clear instructions). But sometimes, you don’t just want the AI to look at a book; you want the AI to become an expert in its bones. This is called Fine-Tuning. Generalist vs. Specialist Think of a standard AI Read More …
The New Gospel of the Gilded Calf
It has been remarked by men wiser than myself that the Good Book is like a mirror: if an ass looks in, you can’t expect an apostle to look out. These days, however, it seems a whole congregation of folks have looked into the Gospel and somehow mistaken the Beatitudes for a business prospectus. I Read More …
Automating Infrastructure Visibility with dig
In modern cybersecurity, you cannot protect what you don’t know exists. Traditional DNS tools often give you fragmented data. You get an A record here, an SPF record there, but connecting those to an owner (WHOIS) or a risk profile (Shodan) usually requires manual effort. A Solution: One Script to Rule Them All I’ve consolidated Read More …
THE SOUND AND THE SURGE
A FRAGMENT OF THE UNCONQUERED DARK By William Faulkner It was not the machine but the wanting of the machine, the cold, calculated, and inexorable expansion of a thing that had no blood but possessed a terrible, circulating hunger for the lightning. Kevin sat there. He was a small man, a man of Tiers and Read More …