Setting Up Bluetooth on EndeavourOS: A Quick Guide

I had to set up Bluetooth on my EndeavourOS (an Arch-like distro), and here’s how I did it: Check the Bluetooth service status: $ sudo systemctl status bluetooth.service   This command will display the current status of the Bluetooth service. Start and enable the Bluetooth service: $ sudo systemctl start bluetooth.service  $ sudo systemctl enable bluetooth.service   These command activates the Bluetooth service and ensures that it starts automatically when

Adding BlackArch Linux Repositories to Your Arch-based System

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2872 tools. BlackArch Linux is compatible with existing Arch installs.  BlackArch Linux can be installed as a single distro using their ISOs and it is also compatible with existing/normal Arch installations. In this case it will act as an unofficial user repository. In this post we will cover the process of adding BlackArch repositories to

Kali Linux 2023.3 – What’s New and How to Upgrade

Kali Linux has released its latest version, Kali Linux 2023.3. While it may not shout about flashy features, this release is all about power under the hood.In this post, we’ll break down the changes in Kali Linux 2023.3 and guide you on upgrading. Revamped Internal Infrastructure The big news here is a major overhaul of Kali’s internal infrastructure. With Debian 12 in the house, the Kali team decided it was

A new discovery: SimpleHTTPserver

SimpleHTTPserver is a go enhanced version of the well known python simplehttpserver with in addition a fully customizable TCP server, both supporting TLS.It will be a handy tool during your pentests. Installing go install -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest Help simplehttpserver -h Flag Description Example -listen Configure listening ip:port (default 127.0.0.1:8000) simplehttpserver -listen 127.0.0.1:8000 -path Fileserver folder (default current directory) simplehttpserver -path /var/docs -verbose Verbose (dump request/response, default false) simplehttpserver -verbose -tcp TCP

Testing Docker WordPress environment

Next few days I will enjoying some holidays and I wanted to play a bit with WordPress security. The first step is a testing environment to avoid messing with my own production WordPress.One of the easiest ways is a local environment using Docker. In this post, I will describe the steps to create a new WordPress installation where you will be able to test everything you need. I will be

«Inventory» by Trickiest: Simplifying Bug Bounty Success

In the ever-changing world of cybersecurity, bug bounty hunters play a crucial role in finding and fixing software vulnerabilities. They boost security for organizations and protect users from potential threats. To be the first in the hunt for vulnerabilities, you need the right tools and resources, and that’s where the Trickiest’s «Inventory» project comes in. Uncomplicated Bug Hunting Trickiest’s «Inventory» goes beyond being a simple repository. It’s a specialized toolkit

Security Update: Nuclei Vulnerability CVE-2023-37896

Introduction: Last week, a critical security vulnerability, identified as CVE-2023-37896, surfaced within the Nuclei project – a potent vulnerability scanner renowned for pinpointing security weaknesses. In this comprehensive blog post, we delve into the intricacies of this vulnerability, discuss its potential implications, and outline the steps users must take to safeguard their systems. Understanding the Vulnerability: The vulnerability, formally designated as CVE-2023-37896, casts a shadow over Nuclei versions predating 2.9.9.

Burp Suite Academy: Exploiting XXE to perform SSRF attacksBurp Suite Academy

This lab has a «Check stock» feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. This endpoint can be used to retrieve data about the instance, some of which might be sensitive. To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server’s IAM secret access

Burp Suite Academy: Exploiting XXE using external entities to retrieve filesBurp Suite Academy

This lab has a «Check stock» feature that parses XML input and returns any unexpected values in the response. To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file. Checking the request using Burp: Looking at the Port Swigger XML external entity (XXE) injection documentation we can learn a bit about this vulnerability. Send to Repeater and add the payload. The response will be:

Project Discovery – Fuzzing Templates

Project Discovery has many amazing tools and useful repositories. Nuclei is one of the tools used daily and one of the best template lists for nuclei usage is Nuclei-Templates. Besides that awesome template collection, it exists that could help to find that finding is hiding with Nuclei-Templates. According to its description: Fuzzing templates are used with nuclei scanner which powers the actual scanning engine. This repository contains various fuzzing templates for the