Juniper Two Factor VPN & Linux
David Fletcher // On a recent internal penetration test engagement, I was faced with using a Juniper VPN to access the target network. One small problem, Juniper does not formally […]
David Fletcher
TestSSL.sh –Assessing SSL/TLS Configurations at Scale
David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation. I found […]
Using Recursive Grep to Test Per-Request CSRF-Token Protected Pages
David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. […]
Using Simple Burp Macros to Automate Testing
David Fletcher // Recently, while assessing a web application I noticed content on one of the pages that appeared to be derived from sensitive information stored within the site’s user […]