• Recent Posts

    • Exploiting CVE-2016-4264 With OXML_XXE
    • Finding Hosts Using SSL Certificate Organization And Censys
    • Exploiting XXE In File Upload Functionality
    • Cloud Metadata URL List
    • XML Entity Cheatsheet - Updated
    • About
    • Projects
    • Presentations
    • Github - github.com/BuffaloWill
    • Twitter - @0xRST
    • Email - will _at_ silentrobots.com







Exploiting CVE-2016-4264 With OXML_XXE

Recently ColdFusion was shown vulnerable to XXE based attacks in OXML documents; CVE-2016-4264. The

Read on →

Finding Hosts Using SSL Certificate Organization And Censys

Finding hosts or domain names associated with a company where the domain name does not include the name of the company can sometimes be difficult. There are common ways to do it such as

Read on →

Exploiting XXE In File Upload Functionality

Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.

Read on →

Cloud Metadata URL List

Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven’t seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it.

Read on →

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just (X)XE notes.

Read on →

← Show All Posts