H said that there is a tool that will do the HTTP Mangler functionality out of the box. So here goes. WebScarab-NG is the tool that will do the trick. First we select the feature that will allow...
So everyone uses the live search engine with a ip: when trying to locate virtual hosts. I used domaintools in the past with good results, till they went fully pay-per-use. Checkout Reverse IP...
Many people took a crack at “what tool will work to replace mangler, out of the box” and so we have a bunch of new tools to play with.. Steven’s answer of MS-Word or PowerPoint left us scratching...
(my first X-Rated blog post.. i should hook up ad-words and watch the money roll in!) Ok.. our Zimbabwean recruit was posed the following question by some international academics: Q:”How would you...
So felten et al basically figured that cooling dram chips allows an attacker to move them to another machine where they can be leeched! The geek in me cant help but say “COOL!” According to the...
-sigh- the topic is stolen directly from the [DarkReading Article] -snip- Itâ€s yet another new spin on a pervasive attack — this time using the old standby Simple Network Management Protocol...
On a recent assessment we came across the following scenario: 1) We have command execution through a web command interpreter script (cmd.jsp) on a remote Linux webserver 2) The box is firewalled...
Peltier and Associates have released their massive “Peltier Effect – Year in Review 2007“. The collection comes in at a whopping 156 pages from a wide array of authors so there should be somethign...
“SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one of 10 SA companies, to exhibit on their pavilion. Visitors to this show range in...
Ok.. so the title clearly isnt true.. but it made more sense than saying something about the altered geographic location of someone’s dairy products. It is however true, that this particular blog...
At last years BlackHat USA a bunch of us played some American geeks a game of late night parking lot football.. Our victory there, and the 6 months of victorious memories from that night filled us...
Apparently the two _are_ mutually exclusive.. [according to the NY Times…] -snip- According to the study, published in February in Oikos, a highly respected scientific journal, the more beer a...
SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the image of the young hax0rs indeed brings back fond memories of surfing...
from the SourceBoston videos i blogged about: Dr Geer never dissapoints, and kicked it off with the 4 rules on his office wall: Work like hell, Share all you know, Abide by your handshake, Have...
Whoa! time flies when you having fun… (click for orig.)
Uninformed has certainly done awesomely at filling in the gap left when phrack went silent, but there is something nostalgic about reading phrack… it seems like issue 65 has just hit the streets..
Hello All, Some of you might remember that I climbed Mount Kilimanjaro two years ago. What you might not know is the REASON I did this (apart from the jol) was to o raise funds for CNCF, a...
Then you probably should get on this one… [Problems with Random Number Generator] While it looks like an arb openssl bug, 2 seconds of reading should get you to: -snip- It is strongly recommended...
Earlier this week we had an internal presentation on Attacking ActiveX Controls. The main reason we had it is because of the ridiculously high hit rate we have whenever we look at controls with a...
Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: Time-Based Blind SQL Injection using heavy queries and New Tool for SQL Injection with DNS Exfiltration Both...
but since it made me eat crow, i figured i would share it.. Although i read a fair bit, i stopped really reading fiction many many moons ago. Its something i often feel ill try to get back into...
The recent Safari Carpet Bombing bug reported by Nitesh Dhanjani and ignored by Apple had all the makings of an egg-on-face incident. We were discussing it over foosball, and the obvious consensus...
since forever, i’ve been told (and told others) that the greatest threat is from the inside. turns out, not so much. verizon business (usa) apparently conducted a four year study on incidents...
I am probably one of the last ppl around to discover this, but ill post it here for the (probably) 2 other ppl in the world who have yet to stumble upon: Risky Business. Its pretty hard to find...
well.. 50% right.. But im not going to talk about FireFoxs record breaking download, or the bug that was released in record time.. but want to point you at Andy Inhatko’s review of Firefox3. Andy...
Cause this puts Perl right back in the game! -snip- > sudo perl -MCPAN -e shell cpan> install Acme::LOLCAT install — OK > cat demo.pl #!/usr/bin/perl use Acme::LOLCAT; print translate($ARGV[0]); >...
found this online last night. try in FF or IE7: javascript:document.body.contentEditable='true'; document.designMode='on'; void 0 then edit the page in-place, screenshot, and make your scam...
Mostly we have stayed silent, because too many people have commented too much already.. It was interesting however how Ptacek was quite deftly forced to eat his words by a Dan Kaminsky phonecall.....
Kaspersky will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The...
While doing some prodding on SQL Server, i came across this newness (of course this is probably old hat to many SQL2005 dba’s) Essentially i was tryign to track down something in sp_addserver. The...