I use KeePassXC to store my passwords. Up until now for my setup I have been using Password + Keyfile as the database credentials, where the keyfile has been mostly used as a salt rather than an actual secret. I store a backup of this keyfile in various online accounts. Because of this I've never been entirely comfortable storing the passwords anywhere online, as it would only require cracking my password. Adding the YubiKey secret to the credentials should add an offline factor that will be very difficult to compromise.
Trying to find instructions on how to reset the M15w printer to set up a new wifi connection was annoying enough that I wrote it down.
**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish Windows users.
In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self-hosted version). Since it has now been patched, here are the details.
In May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed Syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.
In this post I want to show a quick way to scrape websites using the Python package requests-html and Firefox's developer tools.
An example of using Google Analytics to exfiltrate past CSP directives on HackerOne
Instructions on how to revoke your public PGP key from MIT's Key Server.
Some disorganized notes on how I set up my YubiKey for SSH auth and git commit signing.