We are pleased to announce the release of Suru version 2.0, our MITM proxy. Suru has now been rewritten to work with the .Net 2 runtime environment and includes all the features of the original...
A new version of Wikto is also available, which provides a more reliable web spider and also includes some minor bugfixes. More details regarding Wikto are available at...
The November edition of MSDN magazine [is available] and is another security issue.. The articles look interesting, and if you look closely you should notice articles by infosec rockstars like...
You can almost taste the fanboy excitement.. but im guessing there will also be the mandatory rush for the first big bug announcements.. There are a few things that look cool.. Apple joins the...
while waiting around for the PSW guys last night, it seemed like a good time to test our mettle on the foosball table. we’ve witnessed rapid development of general foos skills in the office since...
OK.. so part one of our pauldotcom interview has hit the interwebs.. it was fun and involved a power failure and a dog that chewed through charl’s microphone cable about 15 minutes before the...
Aka… A good weekend.. The weekend got off to a slow start, when Amazon claimed it would take a little longer than planned to ship us the “Web Application Hackers Handbook”. Fortunately it picked...
but Leopards default icon for windows machines has to rank up there with dvwssr.dll (yeah.. thats a BSOD) /mh ok.. who’s old enough? what was the similarity between this and dvwssr.dll ?
I’ve spoken before on how I like some of Simon T Bailey’s stuff and his general leetnesses…he has some gems… This one, on rational vs emotional commitment is quite leet and touches on a discussion...
Of course, Leopard’s new improved ™ finder includes an Itunes’esque “Cover Flow” view (which includes quick view thumbnailing quite impressively).. Of course, it means you get a better look at the...
Slashdot picked up on the blog post from Light Blue TouchPaper commenting on the fact that a researcher was suprised to discover that simply putting an md5 hash into google returned a hit with a...
So…because I don’t have a report to write this weekend I’ve had some time to ponder and reflect on stuff (and read my mail)- I thought I’d share some stuff that came to the fore of my mind again...
Dino is the guy who added much shellcode coolness to MetaSploit, gave the world Karma, released the first virtualization rootkit for Intel (Vitriol), and gave much credibility to the Matasano...
OK.. so it was a long time ago, and old code is supposed to embarrass you.. but i pulled casper.exe form our webpage today to test something for the project im on.. interestingly it runs pretty...
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our Vegas talk, but im not really sure how his attack differs from our published one.. my on-list response:...
Ok.. so being the cautious geek i am, i had bought a mac mini a while back before jumping into the OS X waters.. Unfortunately it was probably the last PPC mac mini’s sold, which means it has...
Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch.. Essentially amazon are giving the power of a database to people used to excel and...
A while back some of us discovered and subsequently lost days to “The Python Challenge“. Well.. prepare to write off a little more time, and check out “Project Euler“. From its about page: ” What...
A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had...
a) At the end of the year we usually end up getting geek-gifts.. from SensePost, to SensePost.. Last years iPod nano’s were always going to be a tough act to follow.. but i think the picture says...
A seasonal Wikto version was released on the 22nd (Version 2.0.2911-20215) which has an issue with the web spider funtionality. HTTPS requests are being made in plain text, and this obviously...
Over the past while we have been getting emails from people trying to figure out why they had entries like this in their http log files: 10.10.1.136 – – [32/Dec/2007:25:61:07 +0200] “GET...
There has been a fair bit of blog buzz about the new SQL Injection worm that ran around infecting sites. I have not looked too deeply into it, but have not yet seen accounts of how the targeting...
a) its my birthday in a few days b) Apple just announced the new macbookair.. Coincidence??? i think not!!!
This quote reminded of something H always says: “When opportunity comes… its too late to prepare” – John Wooden – Hall of Fame Basketball coach
John is one of the bright guys over at NGS, and judging by his track record will boost the signal to noise ratio in the blogosphere.. You can read him at [aut disce, aut discede] (of course, in...
Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over the two days with a special emphasis on wireless and speakers include Chris Wysopal, FX from...
For those of you who have not yet tried it, check out Tooble. Its a point and click tool that lets you download videos from the youtube.. its pretty cool and allows u to pull/convert videos pretty...
While im into posting mac-links.. Check out [Webkit] A little while back i mentioned not understanding why anyone would run a closed source browser while a decent open source version existed.....
Old timers here will know about the concept of bruteforcing DNS using the clues available.. i.e. zone transfers disabled, but u see that the NS and MX servers are called gandalf.company.com and...