Pentesting like a Grandmaster materials - BSides London 2013 UPDATE: 2013-07-28 - Added link to BSides London talk interview NOTE: Will update the post as soon as video is available only slides and demos for now 🙂 BSides London 2013 was a blast as previous years, I received a lot of good feedback during the …
UPDATE: This probably only affects the VMWare image, you will know if it also affects the Kali install if your hashes match my sample hashes below. So the fine folks at offensive security released this new distro called "Kali Linux" recently, which is essentially: Replacing Backtrack Based on Debian (instead of Ubuntu) One of the …
Illusionism is just another form of Social Engineering (SE): The magician attempts to draw attention away from the trick to create an illusion of making the impossible possible. During the weekend I saw three fun tricks by Steven Fryne (aka Dynamo), the first one (walking on water) additionally shows the power of the media as …
At Brucon 2012 I had the privilege to present and demo VSA, the Virtual Scripted Attacker, a tool I had been working on with a great team of very talented people for a number of months. The talk was only 5 minutes long (a Lightning talk) so the presentation is brief. VSA is the first …
UPDATE: April 2nd - Added new pinning article thanks @an_animal! UPDATE: Feb 14th - Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources! Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for Web Applications to involve a Mobile Application component. …
An interesting tool for Java source code analysis is OWASP LAPSE Plus. You can see the instructions to set it up on the project's page or here - LapsePlus_Tutorial. OWASP LAPSE Plus requires Eclipse Helios and a number of people who know more than me at stack overflow suggest that you should not install eclipse …
Here are a few links if you want to download the materials from the OWASP OWTF BruCon 2012 workshop that happened last week in Ghent, Belgium: - The slides are now online in slideshare - The demos, code and slides PDF can be downloaded from either of these: The OWTF Project Github page The BruCon …
IMPORTANT: If you are attending the "Introducing OWTF" BruCon workshop on Wednesday please download the latest OWASP OWTF and latest DEMO Report. Thank you! Another round of GIT hell has taught me a couple of things but finally, OWASP OWTF 0.15 is here for your entertainment! OWTF 0.15 "BruCon" is dedicated with special love to …
Background A recent data breach on the LinkedIn database leaked around 6.5 million salted hashes. This ignited a healthy debate in the security community: - Some people said you should only use bcrypt and that salted passwords are useless - It was clear that LinkedIn failed to salt their passwords: This is the immediate worst option …
UPDATE: I will update this blog post with links to the video when available NOTE: Remember there is a Download option in slideshare :). "That was best description of why cross domain policy is bad I've ever heard" - Full props to Robin Wood for those kind words re this talk! There are three versions …
