I recently published odle which is a Ruby gem and binary that takes XML data from various security tools and outputs their JSON equivalent. The goal is to be (1) simple, (2) fast, and (3) work on many platforms with only one dependency – nokogiri.

Below are two examples using odle to convert output from one tool (e.g. burpsuite) as input for something else (e.g. nmap scans).

Recently ColdFusion was shown vulnerable to XXE based attacks in OXML documents; CVE-2016-4264. The

Finding hosts or domain names associated with a company where the domain name does not include the name of the company can sometimes be difficult. There are common ways to do it such as

Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.

Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven’t seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it.