May 27th, 2008
Am I being pedantic in reporting a CSRF vulnerability?I have had the (bad?) luck of being in the position of reporting vulnerabilities to many software vendors.Most of these were web application related. Wether I did it for fun, for commitment or for my own site security I always liked the reponsible disclosure approach.
I feel, we good guys, should help the developer community learn from their mistakes with some compassion.
But the more I work in t […]
Read the original post:
Security, am I phobic?
Posted in Exploit | No Comments »
May 23rd, 2008
Well for those of you living in and around Mumbai, India, it might be easier then you think!
Security Brigade and National Anti-Hacking Group …
The rest is here:
Want to learn to hack in 5 Days??
Posted in Exploit | No Comments »
May 23rd, 2008
Firefox developers are developing new technologies that aim to fight web application vulnerabilities such as Cross-Site Scripting and Cross-Site Request Forgeries.
One feature will need web developers …
Read the rest here:
Firefox developers aim fight web application threats
Posted in Exploit | No Comments »
May 23rd, 2008
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
Read more:
bunny-0.93.tgz
Posted in Exploit | No Comments »
May 23rd, 2008
FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
Continued here:
fslint-2.26.tar.gz
Posted in Exploit | No Comments »
May 21st, 2008
Manuel Caballero’s speech at Microsoft’s BlueHat conference has gifted a nice thrilling story to talk about. Giorgio Maone and sirdarkcat are trying to descramble the …
View original post here:
Cross domain thriller
Posted in Exploit | No Comments »
May 20th, 2008
ttyrpld is a kernel-based TTY shell, screen, and key logger for Linux, FreeBSD/PCBSD, and OpenBSD. It has a real-time log analyzer. It supports any TTY type (vc (console), BSD/Unix98 pty (xterm/SSH), serial, ISDN, USB, etc.).
See the original post here:
ttyrpld-2.51.tar.bz2
Posted in Exploit | No Comments »
May 20th, 2008
SQL fuzzing utility written in Python.
See more here:
d3sqlfuzz.py.txt
Posted in Exploit | No Comments »
May 20th, 2008
rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it does not require the presence of RTCP packets (voipong needs them) that are not always transmitted from the recent VoIP clients.
See original here:
rtpbreak-1.3a.tgz
Posted in Exploit | No Comments »
May 20th, 2008
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program’s input. zzuf’s behavior is deterministic, making it easy to reproduce bugs.
See the rest here:
zzuf-0.11.tar.gz
Posted in Exploit | No Comments »