DeepSec 2008
DeepSec 2008 took place in Vienna in November. For a period of two days attendees enjoyed a good set of talks, a good atmosphere and had the chance to talk to different people from different security...
dradis v2.0 – flexibility unleashed
It has been a long time since the last formal release of dradis (remember the dradis v1.2 one-click installer?). But that does not mean we have been doing nothing in the meantime. We have been working...
Bypassing Java thick client SSL checks
x509 certificate generation. Generate the certificate using OpenSSL:
$ openssl genrsa 1024 > foo.key
$ openssl req -new -x509 -nodes -sha1 -days 7300 -key foo.key > foo.crt
$ openssl pkcs12...
DEFCON 17: a late write up
This year's DEFCON was quite amazing; apparently 10k people showed up in the Riviera for it. This is a late write up because everybody knows already about the fake ATM and the RFID reader near the Wall...
Beware of JBoss’ “SecureIdentityLoginModule”
From JBoss' Community Wiki EncryptingDataSourcePasswords page: The org.jboss.resource.security.SecureIdentityLoginModule from jboss-jca.jar can be used to encrypt database passwords rather than using...
Java Bytecode Injection
When assessing the security posture of a Java thick application we can usually process the code through a decompiler (such as Jad) and have a proper look at the code. It may be the case that we need to...
Dear Scammed Victim
Just got this in my inbox: Compensation From The Government. The Chairman DEBT MANAGEMENT OFFICE Committee On Government Compensation, Wuse Zone II, FCT, ABUJA.: Our Ref : FGN /SNT/STB Dear...
Running Dradis Framework in Ubuntu 10.10 (Maverick Meerkat)
This is a step-by-step guide on how to get Dradis (v2.6) up and running in a fresh install of the latest Ubuntu (10.10 - Maverick Meerkat). Let's create a folder in our home: etd@host:~$ cd etd@host:~$...
Running Dradis Framework in BackTrack4 R2
Following the series of articles on how to get the Dradis Framework running on different operating systems, this time it is the turn of BackTrack 4 R2. A couple of weeks ago we discussed how to get Dradis...
CPNI Technical Note: Development and implementation of secure web applications
The Centre for the Protection of National Infrastructure (CPNI) has published today the Technical Note on developing secure web applications that I prepared a few months ago. Among the topics covered...