SleuthQL aims to augment an assessor’s ability to discover SQL injection points by automating some of the request analysis required during a web application assessment. SleuthQL is a Python 3 script to search Burp Suite’s request history for parameters and values that match syntax matching that of database languages, such as SQL. It judges a… Read More

This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level. Source: jdow… Read More

Common configuration mistakes, vulnerabilities, and chaining common network attacks while performing a wireless assessment can lead to corporate network access before lunch. Like my last Top 5 series, many of the same attack vectors used years ago still work in 2018. Source: medium… Read More