Pentesting, Offensive Security Research & Development

Webapp Enumeration with Waldo

At Red Team Labs, we find ourselves using DirBuster a lot. It’s a pretty essential tool for quickly enumerating subdomains and web directories. The project is no longer actively maintained, however, and since it’s written in Java, it doesn’t exactly work well with our existing toolset. To deal with this, we wrote our own multithreaded subdomain and directory bruteforcer in Python. We named it Waldo.

CSAW Quals 2015 - Lawn Care Simulator Writeup

When we navigate to the challenge at in our browser, we’re greeted with this fantastic looking page:

OSX Tiling Workflow

I love tiling window managers. My absolute favorite is Awesome, which is available for both Linux and BSD. When I started spending more time in the OSX environment about a month ago, it quickly became apparent that keyboard-centered workflows were a scarcity. Even worse, true tiling solutions for OSX were virtually nonexistent.