Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium: – The slides are now online in slideshare – The demos, code and slides PDF can be downloaded from either of these: The OWTF Project Github page The BruCon …
IMPORTANT: If you are attending the “Introducing OWTF” BruCon workshop on Wednesday please download the latest OWASP OWTF and latest DEMO Report. Thank you! Another round of GIT hell has taught me a couple of things but finally, OWASP OWTF 0.15 is here for your entertainment! OWTF 0.15 “BruCon” is dedicated with special love to …
Background A recent data breach on the LinkedIn database leaked around 6.5 million salted hashes. This ignited a healthy debate in the security community: – Some people said you should only use bcrypt and that salted passwords are useless – It was clear that LinkedIn failed to salt their passwords: This is the immediate worst option …
UPDATE: I will update this blog post with links to the video when available NOTE: Remember there is a Download option in slideshare :). “That was best description of why cross domain policy is bad I’ve ever heard” – Full props to Robin Wood for those kind words re this talk! There are three versions …
OWTF 0.14 “London” is dedicated with special love to BSides London, its organisers and attendants! Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, …
I have had to travel a lot lately and there are some annoying issues I see as I take planes, this blog post combines some tips and tricks I have used successfully with the hope that they may be useful for you too :). Motivation – I do not like to see “first time fliers” …
This is a stability release fixing a number of issues I encountered as I was preparing my demos -1h :)- for HackPra tomorrow. I will try to explain this weird tool a bit better and look forward to your feedback :). OWTF 0.13b “HackPra” is dedicated with special love to HackPra, its organisers and attendants! …
This was my first time speaking at Troopers in Heidelberg (Germany) and I must give a big thank you to the organisers who were really nice and helpful before, during and after the conference. If you attended my talk I would appreciate feedback (positive, negative and/or neutral :)). OWTF 0.13 “Trooper” is dedicated with special …
Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂 OWTF 0.12 …
Where this came from – skip to the end for the challenge if you do not care 🙂 During the OWTF workshop at BSides Vienna the interaction with the audience was great. For the purpose of this blog post the conversation on embedding HTML input from an untrusted source developed as follows: – Olaf first asked …
