I’m in your Chef Server

Before we get to breaking things, let's do a little background on Chef and why you should care. For pentesters and red teamers, offensively we care about the data and the impact these tools present to the organizations we serve. If you are on the blue team side and looking to defend, hopefully this post … Continue reading I’m in your Chef Server →

What’s in a version number?

You're assessing a website. You get an HTTP response that looks like this: HTTP/2.0 200 OK content-type: text/html; charset=utf-8 expires: Sat, 01 Jan 2000 00:00:00 GMT x-frame-options: DENY x-powered-by: PHP/5.1.5 pragma: no-cache strict-transport-security: max-age=15552000; preload cache-control: private, no-cache, no-store, must-revalidate date: Tue, 18 Jun 2019 04:28:37 GMT X-Firefox-Spdy: h2 What do you report? If you've … Continue reading What’s in a version number? →