-
Healthcare Targeted Phishing
Recently discovered a highly targeted phishing campaign against healthcare organizations that utilize Citrix Gateway. The attackers pull web resources directly from the target's storefront page as you can see in the example landing page.
Read more… -
DOE CDC 2018 Writeup
Intro: Back in April I participated in the US Department of Energy's cyber defense competition. The competition is strictly collegiate and is held once a year. This is the third year for the competition and it was bigger than ever.
Read more… -
3K Bounty for Exposed Git Config
Intro: I was recently rewarded a VERY generous bounty for finding an exposed /.git/config on a server owned by a fairly large name in the cryptocurrency mining scene. The vulnerability was trivial and any greenhorn infosec enthusiast such as myself could have found it within < 1hr.
Read more… -
Subdomain Takeovers
Intro In this article I'm going to show you how to use aquatone to find subdomains and perform takeovers. A subdomain takeover involves finding a subdomain with a DNS entry that is pointing at services such as AWS, CloudFront, or Unbounce but is not claimed within the service.
Read more…