Subdomain Hijacking – Notes, links & tools

I had previously read about subdomain hijacking, but in all honesty I didn’t really “get it”. All that changed starting with this Security Fest talk by Frans Rosén entitled “DNS hijacking using cloud providers”. Or more accurately, I really started to get this going through Frans’s slides of the talk. I don’t want to explain the premise of this to you as it’s one of those you have to investigate yourself to really get to grips with it. But what I will do to (hopefully) bring your learning time down is detail below all of the links Frans mentions plus those from my …

Climbing Mount WebAppSec

Recently I have become somewhat obsessed with Web Application Security (WebAppSec), sparked in part by coming into contact with Detectify’s Lab blog posts and also the news that the UK – via the NCSC and in tandem with Luta Security – will be running a “Vulnerability Co-ordination Pilot”. As WebAppSec is not a field I have devoted any great length of time to in the past, I am starting out on this journey as a relative novice. As such, I have decided to chart my progress and learning for anybody else that may be interested. I will consider this climb accomplished …