Wednesday, 30 May 2018

Google Advanced Searches - Google Dorks

This morning I experimented with some Google searches which can reveal information on public sites.

Inspired by some posts from @Random_Robbie on Twitter

These are now known as Google Dorks.

Tuesday, 15 May 2018

On Hacking and Being Hacked

TLDR; If you self-host a Wordpress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked.

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.

Wednesday, 9 May 2018

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.

Tuesday, 8 May 2018

On CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.


Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools.

Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

Friday, 4 May 2018

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuates both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately, both of these environments create a management system that limits the defects that can be raised.

  • when taking part in a BugBounty - functional defects are out of scope.
  • When taking part in a crowdsource testing project - so many defect categories are out of scope
If I was a company outsourcing to these programs, I would view that as a risk.

Thursday, 3 May 2018

The Evil Tester Show - Episode 005 - Rejection

TLDR; Everyone experiences rejection. We need strategies for how we respond to it.

The Evil Tester Show Episode 005 covers the topic of Rejection and strategies of how you can cope with it.