Information Security Think Tank
Notes
3 of 93 notesSee All
- CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept 12:03pm Jun 9
- Hacking Linksys IP Cameras (pt 5) 1:04am Jun 5
- Breaking Into a Home With an iPhone 4:27am May 11
This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4)...
This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No! Let me explain...
Two of the most popular Firefox extensions are at war, fighting for their own piece of land. More examples will follow. Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions...
When I was playing/introducing the partial disclosure practice an year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amount of money. Of course, requests of that nature were kindly ignored...
With this post I would like to inform you that Jeriko moved in its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you’ve seen before...
This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3)...
This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2)...
This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1)...
During the easter break, I was playing with my my wireless Linksys IP camera which, although I bought several months ago, I hadn’t taken my time to give the attention this beauty deserves until now...
On the 14th this month, Computerworld published an interesting article titled ‘Mafiaboy’ spills the beans at IT360 on underground hackers. Interesting read but nothing too exciting. The article is yet another proof that we are all in big trouble...
Perl, Ruby Python: use the language that suits your character. However, one of the things that differentiate python from the rest is its philosophy, which is: there should be one– and preferably only one –obvious way to do it (where it is a problem)...
This morning I spotted several blog posts mentioning that Twitter have been hit by yet another XSS worm...
I wish I had the ultimate tool, whether that is a programing language such as perl, python and ruby, or whether it is a framework like metasploit and vulnerability scanner like nessus. I wish, but I know that such thing doesn’t exist and probably never will...
Over the last couple of weeks I’ve added more features to the Jeriko toolkit which I briefly covered in my post over here. For those of you who don’t know, Jeriko is a compilation of various bash scripts to ease manual penetration testing practices...
I’ve got quite a lot of good feedback on the security buzzword generator I announced yesterday. For those of you who do not know, the generator is a fun little utility part of the GNUCITIZEN campaigns which helps you with coming up with new and exciting buzzwords like a security pro...
In the light of the Month of New Security Buzzwords, I am releasing an online fuzzer to help you generate as many security buzzwords as you like. Sweet! Jokes aside, tools like this one are quite helpful to brainstorm new ideas...
We certainly don’t need the ultimate pentesting framework but we can make use of the ultimate pen-testing environment. This is sort of pre-announcement of a tool I am currently working on, different from jeriko, which I hope will improve the way we do pentests...
The new edition of CONFidence is coming up soon! CONFidence, which has become one of the biggest technical IT security conferences in Europe, is taking place on 15-16 May in the beautiful city of Krakow...
This is a quick announcement just to let you know that our codes are now getting synced at code.gnucitizen.org, which is basically a file browser interface to the source repositories...
Do some people have the magical skill to find vulnerabilities with ease while others don’t! Of course not! I disagree with the whole tendency to believe that technical understandings is all that is needed to find vulnerabilities. It is mostly persistence that plays a role...
The truth is that some things will never get picked up by the community unless you really start bragging about them. Repetition is a key element...
You’ve already got it! It is laying on your PC and it is called the shell. The shell was designed to start/strop and control process with ease so why do we need yet another universal pen-testing framework, which does what another tool is already doing for us and it comes by default...
We just released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration. Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments...
In my last post I showed my own implementation of an HTTPS Man-in-the-middle proxy written from scratch in Python. I’ve spent great deal of time to make the proxy as programmer-friendly as possible...
Lately I’ve been busy with putting together a python module which allows me to create man-in-the-middle (MITM) HTTP Proxies with a programmer-friendly extension interface and support for SSL...
Work with the system rather against it. I have always been a big fan of this approach as it proved to be successful every time it was put into practice. So you receive one of these phone calls. The girl on the other end presents herself as Jessica Smith...
I found myself a new online toy. It is called Pipl and it is all about finding people online. Obviously, the concept behind the tool is not new. There are other tools that does the same, but this one is incredible accurate and verbose...
And the are a lot of privacy concerns too. IMHO, the way the Twitter folks designed their system, is totally wrong. The one and only major concern is that 3rd-part software is allowed to communicate with Twitter’s API by using the user’s login credentials...
Jeremiah is calling all security researchers and hobbyists to submit their favorite Web hacking techniques released during 2008. There are some nice perks too. I say Sure!. Although I don’t like the fact that there are judges appointed to select which one is the best one...
I was browsing around and I incidently stumbled across an article from Wikipedia. Of course, I’ve done no research whatsoever on the figures that I am about to post here...
Most of us are familiar with several techniques that allow us to bypass web filtering gateways like CS MIMESweeper. The following are some of them:...
2008 is gone! Let’s welcome the brand new 2009. Happy New Year! The GNUCITIZEN team wishes everybody a happy new year full of happiness and laughter...
It was quite interesting to watch the presentation of Jacob Appelbaum, Dag Arne Osvik, Arjen Lenstra and several other academic and independent researchers (for the complete list go here), especially when I thought their work will be related to breaking BGP. So it is not BGP...
Twice! First it was Dan Kaminsky and now it is Jacob Appelbaum and Alexander Sotirov. I am quite interested to get further details of their research titled Making the theoretical possible which should take place tomorrow at this year’s CCC event...
Magic tricks are all about suggestion, psychology, misdirection and showmanship (see Tricks of the Mind), or as Cutter perhaps will say, every magic trick has tree parts: the pledge (where the magician shows you something ordinary), the turn (where the ordinary becomes something extraordinary), and...
GNUCITIZEN