Burp-isms: “Received Fatal Alert”

So you received the dreaded Portswigger Burp “Fatal Alert”?? Mooo hah hah ha… Yes I have too. In fact with more recent versions of Burp “.25” on, I have found many annoying SSL failures that have lost a lot of time on projects. NOTE TO Portswigger: Stop with the SSL games. Fix your product so […]


FLACK – A Practical Approach To Application Logging For Security

Introduction Modern development practices have minimized application logging in production environments. Many factors have contributed to this that include: Rapid prototype-to-development practices that ignore adding practical production logging. Myopic focuses on optimized and resource minimal code that consider logging a burden. Comment-less, log-less development styles that focus on pumping out code, not errata. Regardless of […]

RTSP Brute Forcing for fun and naked pictures?

RTSP… Real Time Streaming Protocol… is a protocol largely ignored these days. Once the infrastructure relied upon in the early days of multimedia (Video) and developed by RealNetworks, RTSP resides largely in the background of common protocols we pay attention to as InfoSec professionals these days. Typically found on port 554, RTSP is still a […]

Hacker Diaries: Base 64 Hacking

Recently I ran into some database connectors that were obfuscated in the configuration file. I ran typical Base 64, UUEncode, etc. techniques to reverse the obfuscation, but nothing worked. Then a co-worker of mine mentioned, “yeah, it's probably base 64, but they used a different indexing scheme”. Good point! Sometimes we get so used to […]