Running a Python script inside a Kali Docker container running on Windows.

Building hacking tools in Windows using Docker

Something that I have struggled with in the past as a software developer turned penetration tester is the fact that I use two operating systems on a daily basis, and this sometimes causes friction in my workflow. Note: I really don’t intend or want this to be a discussion of the merits of one OS or IDE compared with another. I use the tools that I am familiar and productive with, and it’s totally cool if you use something different....

28 July 2020 | 5 min | 1000 words | Jakob Pennington
The Docker logo, a blue whale with shipping containers on its back.

Can Docker containers replace VMs for bug bounty hunters and penetration testers?

There were many things to consider, and we may talk about some of those things in the future, but the aspect of penetration testing I want to talk about today is the infrastructure we use to conduct a penetration test. Note: With a few minor exceptions, the same thought process applies for bug bounty hunting. If that’s more your thing, feel free to sed s/penetration testing/bug bounty hunting/g. What do we need from our infrastructure?...

22 July 2020 | 10 min | 1920 words | Jakob Pennington
A graphic of an HTML script tag fading into the background.

Minifying XSS

Cross-Site Scripting is still one of the most prevalent web application vulnerabilities, and has featured in each revision of the OWASP Top 10 since the list was first published in 2010. Peaking at #2 in 2010, XSS was knocked off the podium for the first time in 2017, coming in at #7 on the list. This demotion may be due to the rise in popularity of Single Page Application (SPA) front-end frameworks such as React, Angular and Vue, which often include built-in sanitization to prevent these attacks....

18 March 2018 | 8 min | 1492 words | Jakob Pennington