Blog

May 8th

2005

By scotsts_admin
Category: Vulnerability Management
Comments 0

IIS6 secure?

Richard Monson-Haefel: Is Microsoft IIS 6.0 more secure than Apache HTTP Server 2.0? Interesting posting on the relative security of IIS 6 and Apache 2.0. I’d agree that IIS 6 seems to have a MUCH better record than previous versions in terms both of vulnerability counts and initial configuration. The only caveat I’ve got on […]

Apr 24th

2005

By scotsts_admin
Category: Useful Links

Cool Windows XP Info. site

The Elder Geek on Windows XP

Apr 23rd

2005

By scotsts_admin
Category: Vulnerability Management
Comments 0

Very Nasty Unpatched Windows vuln.

File Selection May Lead to Command Execution This vulnerability doesn’t look too bad at first. If you can persuade someone to highlight a file in Windows Explorer then it executes some arbitrary code, which it seems can do most things. However, you’d have to get people to download the file anyway for it to work […]

Apr 21st

2005

By scotsts_admin
Category: Penetration Testing
Comments 0

cachedump

CacheDump: recovering cached password hashes on Windows Handy pen testing tool. Can be used to dump the hashes for cached passwords which Windows holds so that you can log on to your local machine if the domain controller’s not available or you’re not on the network (e.g., laptops). One attack using this I’ve seen suggested is […]

Apr 20th

2005

By scotsts_admin
Category: Web Security

Interesting examples of XSS attacks

Where’s the Beef – xss / bankofamerica.com.html / There’s an interesting list at this site of XSS vulnerabilities that the authors found…

Apr 20th

2005

By scotsts_admin
Category: Web Security
Comments 0

SQL injection resources

OK, recently I’ve been using SQL injection in some penetration testing work I’ve been doing, so I thought it would be worth getting together all the links/White Papers I’ve been using/found useful. Start off with two papers, which are more advanced but which have been the most useful ones I’ve found in the sense of […]

Apr 18th

2005

By scotsts_admin
Category: Misc.
Comments 0

Real Interesting Post: Microsoft in trouble?

christopher baus dot net This is a really interesting post covering why the author thinks Microsoft is in trouble. There’s a lot in it I agree with. Definitely Microsoft’s current attitude to parts of the developer community (VB6 in particular) seems likely to drive people to the competition… However I see Microsoft’s problem, from a […]

Apr 14th

2005

By scotsts_admin
Category: Penetration Testing

More Pen Test Resources

Professional Security Testers resources warehouse More info on Pen testing. Especially on this site, there’s a good link section.

Apr 14th

2005

By scotsts_admin
Category: Useful Links

Handy list of Security Whitepapers

White Papers – Web Application Security Consortium

Apr 10th

2005

By scotsts_admin
Category: Misc.

Gmail File System

Gmail Filesystem Not that I’d ever want to rely on this for any data I cared about, but it’s a really interesting idea and at current rates with the ~150 invites I’ve got access to I could create a 300GB filesystem all stored in Gmail…