security talk & philosophizing

FF E4

Category: Offensive Security

  • CSRF Exploitation

    CSRF is a type of vulnerability where a request (POST) originates from a different domain (ORIGIN) than the target. If a vulnerable site allows another domain to send a request, it will be processed. The request would be crafted to make a change to a user account, and the trick is to get a user…

    Read more...

  • ZAP and it’s terrifying problems

    I really want to use ZAP. It’s free, it’s good, but I have some significant issues with it that give me grave concerns in its usage. Attacking Out of Scope Targets I have a site I test for work. It’s in a test environment. The web application has links to google api’s, Mozilla libraries, etc.…

    Read more...

  • ParrotOS: Fix Sherlock

    ParrotOS: Fix Sherlock

    The existing version of ParrotOS has a bug with social media lookup app, Sherlock. Specifically Sherlock has a bug where the version installed on ParrotOS won’t run (0.14.0). It requests you upgrade to 0.14.3. This upgrade can’t be done through apt, as ParrotOS will only pull down 0.14.0. To fix this, we need to download…

    Read more...

  • Easier Ways to install GVM (OpenVAS)

    Easier Ways to install GVM (OpenVAS)

    Early in the year a leader in the DevOps team at my job asked me if I wouldn’t mind taking on a project in my free time. The project was to install GVM (formerly known as OpenVAS) on a VM, which would target key systems for security audits. Our goal was also to setup an…

    Read more...

  • SSLSCAN- SSLYZE and IDS

    SSLSCAN- SSLYZE and IDS

    Kali Linux comes with some useful SSL/TLS scanners which can help determine misconfigurations and vulnerabilities. Examples Results While sslscan does a great job of returning information on what TLS version and cyphers are accepted (highlighting in orange versions that are outdated), sslyze provides a bit more detail in regards to vulnerabilities. SSLSCAN does provide a…

    Read more...

  • OpenVAS (GVM) – Installation and Running

    OpenVAS (GVM) – Installation and Running

    If you’re like me and find the OpenVAS installation to be a challenge, then this guide might be of some use to you. Keep in mind that the process outlined below is relevant as of its writing and newer versions of OpenVAS are subject to change the flow laid out below. The Problem I’ve been…

    Read more...

Recent Posts

Tags

App Archive.org CSRF dashboard EDR elasticsearch elk email Exercise EXIF filebeat GHunt Google Earth gvm IDS kibana logic Maltego OpenCTI openvas OSINT owasp philosophy Reporting Reverse Image Search scanner suricata Wazuh ZAP

Comments

No comments to show.

FF
EF

a moment now is worth a thousand moments from the before, or next.

letting go is the hardest, but most rewarding aspect of everything

© 2025 FF E4 • Powered by