Finding hosts or domain names associated with a company where the domain name does not include the name of the company can sometimes be difficult. There are common ways to do it such as

Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.

Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven’t seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it.

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just (X)XE notes.

Last month at Blackhat Arsenal 2015, Pete and I (@will_is) presented on Serpico. This was our second time at Arsenal. Yet again, awesome people, great venue, and overall a highlight for me of BH/DC/LV. We got some excellent feedback on the project, so thank you to anyone who stopped by