SaturdayMP Show #25: TPS Report Uploader CFT Walkthrough (Vulnerable Blazor Application)

https://youtu.be/uBnua-JZrec

Happy Holidays!

In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created.

Question you want answered in a future video? Pair on a problem? Constructive feedback? DM me or email ask@saturdaymp.com.

#blazor #burpsuite #cybersecurity #gobuster #ctf #saturdaymp #saturdaympshow

Tag zsam 👋
weiter geht die Reise. Gestern Spaß mit #gobuster heute Spaß mit #WPScan. Es gibt schon richtig gute und viele Tools. Habe schon einige kennengelernt und die praktischen Aufgaben sind auch gut. Nur fehlt mir irgendwie auf das Kapitel zugeschnittene freiwillige zusätzliche praktische Aufgaben. 🤔
Naja...man kann ja nicht alles haben.

Morgen schaue ich mir dann #nikoto genauer an. 👀

[32🔥] #tryhackme

Moin 👋
eigentlich habe ich ja derzeit den Pfad der #Web #WebFundamentals beschritten und habe diesen bereits zu 95% abgeschlossen.

Nun gibt es dort aber ein Modul was andere Module voraussetzt/empfiehlt. Nun gut, also gibt's jetzt einen kleinen "Umweg". Dafür hatte ich heute Spaß mit #gobuster 😀

[31🔥] #tryhackme

I just solved the "Web Enumeration" room on @RealTryHackMe to work on my #Gobuster, #WPScan and #Nikto skills.

Also started taking notes in markdown language with #joplin I think, I will stick with that for the sake of organized notes.

We run an OpenCollective fundraiser for #Gobuster, where all proceeds go to varies charities once we hit a certain financial threshold (usually around USD $500). We've just donated the most recent batch of funds to "Kids Helpline" (https://kids-helpline-tax-appeal-2023.raisely.com) here in Australia, run by Yourtown (https://yourtown.com.au/donate).

For transparency ...
Donation expense is here: https://opencollective.com/gobuster/expenses/142097

Support the kiddos!

Thanks to everyone who donated. You're frickin' awesome.

Does anyone know how I could #fuzzy test #api endpoints of URLs with unknown depth of the API endpoint?

For example I have:
- example.com/api/thing
- example.com/api/internal/thing
- example.com/api/v1/doc/thing

The known constant is the domain and the first /api/ URI. Everything else should puzzle itself together.

I used now #gobuster and the SecLists, but somehow miss something.

I’m making a thing. If you’ve ever wanted to brute force URLs on #iOS, I have an app beta for you.

https://testflight.apple.com/join/9UGqTaIZ

I’m going for ease of use, robust tagging support, and native feel. Lemm know what you think.

#infosec #dirb #gobuster #dirbuster #pentesting

Testing video upload/sharing. This is my in development #iOS HTTP enumerator (think #gobuster). Written in #Swift #SwiftUI using #CoreData. #infosec