Our Blog

HITB08 – Marcus Ranum Keynote on CyberWar..

I just managed to pull the HackintheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here]). I watched Marcus Ranum's "Cyberwar is Bullshit" talk. A talk that was truly wince-worthy! While the talk will make you scream at the screen a few times, it is worth watching just to see the Q&A section after the talk.. It's quite clear that Ranum gets owned more thoroughly than his online…

FW: HBN Extended Edition 9-13 March

Yes, it is time to offer some technical input by way of our HBN Extended Edition training. There will be no Christmas hat this time round, but lots of valuable input. We have scheduled our first training course of the new year, Hacking By Numbers – "Extended" Edition – for 9-13 March. The course runs for a full 5 days in Pretoria, South Africa. The HBN 'Extended Edition' is…

Joe Grand (Kingpin) gets famouser!

This is probably really old news (to some), but I was in the company of satellite TV this weekend and saw that Joe Grand now has a TV slot all of his own. "Prototype This" looks like it will be awesome.. I spent the rest of the day trying hard to catch the adverts at just the right time to get a pic of Joe, while excitedly saying "I can't believe…

reDuh.ASPX

An additional issue has been discovered in the ASPX version of reDuh. Although the script did work as expected, it did not set the Server.ScriptTimeout value, so each request remained bound by the ASP.NET default execution timeout. This resulted in reDuh terminating active tunnelled connections once that page timeout had expired. This has been fixed in the ASPX version. A copy can be grabbed from here. More information regarding reDuh can be found here.
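To show where the timeout bites, here is an added illustration of a long-lived ASPX page that relays bytes from a TCP socket into the HTTP response for as long as the client stays connected. It is not reDuh's code; the target host and port, the tunnel lifetime and the page class name are all made-up constants for the example. The one line that matters is the `Server.ScriptTimeout` assignment at the top of `Page_Load`: without it the request is subject to the `httpRuntime executionTimeout` default (110 seconds in ASP.NET 2.0 and later, enforced only when `<compilation debug="false">`), and the worker thread is aborted mid-loop, which is exactly the "connection dropped after the page timeout" symptom described above.

```csharp
// LongPoll.aspx.cs - illustrative long-lived handler, NOT reDuh's own source.
// Assumed (hypothetical) values: TargetHost, TargetPort, TunnelLifetimeSeconds.
using System;
using System.Net.Sockets;
using System.Threading;
using System.Web;
using System.Web.UI;

public partial class LongPoll : Page
{
    // Hypothetical relay target; a real tunnel would take this from the client.
    private const string TargetHost = "127.0.0.1";
    private const int TargetPort = 22;

    // How long one HTTP request may keep the socket open (seconds). Hypothetical.
    private const int TunnelLifetimeSeconds = 600;

    protected void Page_Load(object sender, EventArgs e)
    {
        // THE FIX: raise the per-request limit before doing any long-running work.
        // Omitting this leaves the default executionTimeout (110 s) in force and
        // ASP.NET aborts the thread, killing the tunnelled connection.
        Server.ScriptTimeout = TunnelLifetimeSeconds;

        // Stream bytes as they arrive rather than buffering the whole response.
        Response.BufferOutput = false;
        Response.ContentType = "application/octet-stream";

        // Stop a little before our own limit so we end cleanly instead of being aborted.
        DateTime deadline = DateTime.UtcNow.AddSeconds(TunnelLifetimeSeconds - 5);
        byte[] buf = new byte[4096];

        using (TcpClient tcp = new TcpClient(TargetHost, TargetPort))
        using (NetworkStream ns = tcp.GetStream())
        {
            while (Response.IsClientConnected && DateTime.UtcNow < deadline)
            {
                if (!ns.DataAvailable)
                {
                    Thread.Sleep(50);      // poll; the real tool uses its own framing
                    continue;
                }

                int n = ns.Read(buf, 0, buf.Length);
                if (n <= 0)
                    break;                 // remote side closed the socket

                Response.OutputStream.Write(buf, 0, n);
                Response.Flush();          // push each chunk to the HTTP client now
            }
        }
    }
}
```

Note that `Server.ScriptTimeout` is per request and must be set before the long-running loop starts; setting it in `web.config` via `httpRuntime executionTimeout` would raise the limit for every page in the application, which is a wider change than the tunnel page needs.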

ASPX and reDuh

We've received a number of queries regarding folks being unable to get the ASPX version of reDuh to work. In truth, the reDuh client had a faulty HTTP implementation, so the requests it sent were malformed. Apache and Tomcat tolerate the malformed requests admirably; IIS does not. So, we've built a new client version for reDuh which will play nicely with IIS. Apart from the bugfix, the new version also supports SSL. A direct link…

Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)

aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news of a SQL Injection vulnerability that was exploited on AV vendor Kaspersky's site. Details of the attack can be found here. It's interesting that SQL Injection (though as old as the proverbial hills) is still such a major issue. In fact, I have it on good authority that the bulk of PCI-related compromises…

On Hiring Staff – The T-Shirt Method..

Anyone who has honestly reflected on what they know about hiring will tell you that no matter how locked-down you think you have it, you don't. There is still way too much left to chance and way too much that you just don't know. To avoid this, companies that care about preserving their culture will sometimes adopt a "default deny" approach. It's OK to miss a potentially good hire rather…

Turn of the century deja vu?

The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It has been a good few years since the world saw a worm outbreak of this magnitude. Indeed, since the Code Red, Slammer and Blaster days, things have been fairly quiet on the Interwebs front. As a community, it seems we very quickly forgot the pains caused by these collective strains…

EDoS is the new DDoS ?

Over at [Rational Survivability] Beaker has coined the term EDoS to describe how "the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go along with them can actually pose a very nasty risk to those who use the cloud to provide service". Of course, this has kicked off a flurry of responses, from "How is this different to soaking up…

RFP Spotting..

Not the boring pile-of-papers kind.. the shiny pants and sunglasses kind: Turns out you can find him blogging these days at [http://research.zscaler.com/] PS. If you don't know who RFP is, you are too young, and probably think w00w00 is leetspeak for a siren..