Modern Web Application Penetration Testing , Hash Length Extension Attacks, (Wed, Sep 6th)

I had the opportunity to sit with my friend Ron Bowes (@iagox86) awhile back to talk about SEC642 content and the state of web application penetration testing in general. He mentioned hash length extension attacks, and that he had coincidentally written the absolute best tool to exploit them! That’s definitely something that we would consider adding. Ron has also done write-ups for capture the flag (CTF) challenges that can be solved using his tool hash_extender. 

Article Link: https://isc.sans.edu/diary/rss/22792