Blog (Default)

Jan 4th, 2010

Comments: 0
Category: Penetration Testing
Read More

Tools I use – Burp

I’ve been meaning to do a post on burp for a while, and courtesy of my new years resolution to stop procrastinating, here it is 🙂 I was thinking of a way to sum up burp, so far the best I’ve got is “If you’re doing web application testing and not using Burp, you’re missing […]

Dec 31st, 2009

Comments: 0
Category: Uncategorized
Read More

… And we’re back

So, we’re back from a bit of an unscheduled break for my web server. The hosting company had a bit of a problem with disks, so my VM has been out of action for a week or so. Luckily, my backups worked pretty well so minimal content lost. I’m using the rather unorthodox backup over […]

Dec 20th, 2009

Comments: 1
Category: Uncategorized
Read More

Nokia N900 – Ultimate Hackers Phone?

I got a Nokia N900 the other week and I’ve started playing around with the software. At heart it runs Maemo Linux which is based on debian, so in theory any software that runs on debian should run on the phone ! Also unlike other smart phones which can be coaxed into running linux, the […]

Nov 19th, 2009

Comments: 0
Category: Uncategorized
Read More

OWASP Scotland – November Meeting

OWASP Scotland November meeting is next Thursday, the 26th. We’ve got something a bit different lined up with the main presentation being one on physical security and lock picking (hey if you can break into the server room and take the box, who needs SQL injection ;oP ) More information here

Oct 28th, 2009

Comments: 0
Category: Penetration Testing
Read More

Tools I use – Dradis

I’ve been using Dradis for a couple of months now. It’s an interesting piece of software that’s designed to help teams of people share information on penetration tests. That said I find it useful on the tests I do even when I work alone. Essentially Dradis provides the base environment for users to work in, […]

Sep 11th, 2009

Comments: 0
Category: Uncategorized
Read More

OWASP Scotland – September Meeting

The OWASP Scotland september meeting is all set for Tuesday the 15th of September. We’ve got three good speakers lined up so, it’s shaping up to be a good meeting. More details here . Meeting is open to all, but if you’re planning to come along, please RSVP to me at this address, so we […]

Aug 26th, 2009

Comments: 1
Category: Penetration Testing
Read More

Testing SNMPv3

After encountering some SNMPv3 servers recently and looking into the differences from a pen. test perspective, I thought it may be worth a quick write-up. SNMPv1 and v2 do not respond when traffic is sent their way unless there is a valid community string in the message, a fact used by scanners like onesixtyone . […]

Aug 9th, 2009

Comments: 0
Category: Penetration Testing
Read More

Defcon 17

So I got across to Defcon this year (and of course security Bsides) There were several interesting presentations , here’s some notes on some of the ones that I got along to. The CD is up at defcon.org, and you can get the slides for most of the presentations there. SSL Talks – There were […]

Jul 26th, 2009

Comments: 0
Category: Uncategorized
Read More

Preparing for Defcon

So I’m off to Defcon and security BSides next week, and I thought a couple of precautions were in order before I go… 1. Tunnel all traffic through SSH to a trusted host, instructions here 2. Set iptables up to explicitly deny any traffic not travelling through the tunnel 3. Turn off any vaguely network […]

Jul 15th, 2009

Comments: 0
Category: Uncategorized
Read More

Oracle Mixin hits Metasploit trunk

The oracle mix-in is now in metasploit trunk so should be a snap to get working. Installation instructions are up here. Especially note the requirements for specific versions of the dbi and oci8 gems, later versions don’t always work as expected with some of the oracle exploit plugins.