Network Attack Tools

Port Forwarding in RTS

Adding Additional Port Forwards During Existing Session A little trick to setup further port forwards within a current SSH session is to press “<shift> <enter> ~ c” simultaneously and then supply the relevant command. Setting Up Multiple RDP Connections On the AWS box (connecting to deployed Kali): Edit the AWS instance .ssh/config to set up […]

MacOS

Mac Application Penetration Test

Trying to build a Mac Application Penetration Test Checklist…. How to Check if a macOS App is Notarized Version: macOS 11.7.1 You can check if a macOS application is notarized by using the spctl command-line utility. spctl evaluates if the system allows execution, installation, and other operations on files. The first example is an app […]

Web App Attack

JWT Attacks

JSON Web Token (JWT) is the proposed Internet standard, RFC 7519, for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using a private secret or a public/private key. Let’s take a deeper dive into decoding and manipulating JWTs. This is a […]

Blue Team Code Fortification Hacking 101

HTTPS on Kubernetes with Spring Boot, Istio and Cert Manager

In this article, you will learn how to create secure HTTPS gateways on Kubernetes. We will use Cert Manager to generate TLS/SSL certificates. With Istio we can create secure HTTPS gateways and expose them outside a Kubernetes cluster. Our test application is built on top of Spring Boot. We will consider two different ways of […]