At Brucon 2012 I had the privilege to present and demo VSA, the Virtual Scripted Attacker, a tool I had been working on with a great team of very talented people for a number of months. The talk was only 5 minutes long (a Lightning talk) so the presentation is brief. VSA is the first …
UPDATE: April 2nd – Added new pinning article thanks @an_animal! UPDATE: Feb 14th – Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources! Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for Web Applications to involve a Mobile Application component. …
An interesting tool for Java source code analysis is OWASP LAPSE Plus. You can see the instructions to set it up on the project’s page or here. OWASP LAPSE Plus requires Eclipse Helios and a number of people who know more than me at stack overflow suggest that you should not install eclipse using apt-get. …
Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium: – The slides are now online in slideshare – The demos, code and slides PDF can be downloaded from either of these: The OWTF Project Github page The BruCon …
IMPORTANT: If you are attending the “Introducing OWTF” BruCon workshop on Wednesday please download the latest OWASP OWTF and latest DEMO Report. Thank you! Another round of GIT hell has taught me a couple of things but finally, OWASP OWTF 0.15 is here for your entertainment! OWTF 0.15 “BruCon” is dedicated with special love to …
Background A recent data breach on the LinkedIn database leaked around 6.5 million salted hashes. This ignited a healthy debate in the security community: – Some people said you should only use bcrypt and that salted passwords are useless – It was clear that LinkedIn failed to salt their passwords: This is the immediate worst option …
UPDATE: I will update this blog post with links to the video when available NOTE: Remember there is a Download option in slideshare :). “That was best description of why cross domain policy is bad I’ve ever heard” – Full props to Robin Wood for those kind words re this talk! There are three versions …
OWTF 0.14 “London” is dedicated with special love to BSides London, its organisers and attendants! Usual background + Disclaimer: The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org WARNING: This tool unites many great tools, websites, knowledge and their associated power, …
I have had to travel a lot lately and there are some annoying issues I see as I take planes, this blog post combines some tips and tricks I have used successfully with the hope that they may be useful for you too :). Motivation – I do not like to see “first time fliers” …
This is a stability release fixing a number of issues I encountered as I was preparing my demos -1h :)- for HackPra tomorrow. I will try to explain this weird tool a bit better and look forward to your feedback :). OWTF 0.13b “HackPra” is dedicated with special love to HackPra, its organisers and attendants! …