Here it is, the file upload CSRF
April 7th, 2013

Recently I wanted to do a Cross-Site Request Forgery proof of concept for a file upload functionality. As you might know, it is not necessarily as easy as simple form CSRFs.

SoapUI with Burp
March 16th, 2013

In a recent project I tested a web service and we got a nice SoapUI project for it. SoapUI is a great tool, but you somehow miss the nice features of Burp, such as the Intruder. But of course the idea comes immediately: why not chain them? It turns out this is not as trivial as it seems at first sight.

Shellcode wrapper for Linux
February 17th, 2013

This post is about how to create Linux binary executable shellcodes using msfpayload.

Installing Dradis on Backtrack
January 7th, 2013

This post is more of a note for myself than interesting technical stuff, but it might be useful for somebody else as well.

You might already know the Dradis Framework; if not, check it out here. It is basically a note-taking web application which focuses on penetration tests and other security assessments. It allows testing teams to quickly share the collected information about the tested environment with each other.

Please, don’t use user supplied XSLT
October 20th, 2012

I didn’t even want to write about this, because hopefully it is not a widespread problem, but it is such a catastrophic programming mistake, which I saw in a production system, that I felt the need to talk about it. So to summarize this blog post in one sentence: total client-side exploit using user-defined XSLT.

Book review: Advanced Penetration Testing for Highly-Secured Environments
September 28th, 2012

I recently obtained the Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide book, so I figured I would write a little summary about it, as I did with the other security books that I read.

Experiences in pentesting DWR
September 17th, 2012

I was lucky enough to do a penetration test on applications using Direct Web Remoting (DWR), and I would like to share my experiences. It is another interesting technology in the wild jungle of the web frameworks and libraries. It defines itself as follows:
“DWR is a Java library that enables Java on the server and JavaScript in a browser to interact and call each other as simply as possible.”

Book review: Securing the Cloud
August 5th, 2012

The cloud is everywhere. It is all over us. But everybody knows that. I have been interested in cloud security for quite a while, so I decided to read a book to see how it is defined from A to Z today. After reading some reviews I chose Securing the Cloud: Cloud Computer Security Techniques and Tactics, written by Vic (J.R.) Winkler.

Tricking the XML parser
July 14th, 2012

Nowadays there are numerous web application frameworks to implement a rich web application. I have already written about one of them. These frameworks usually use AJAX and XMLHttpRequests filled with either XML or JSON. In this post I will write about the XML part. In that case the first step is always to fight with the XML parser on the server side.

Welcome to the Jungle
June 28th, 2012

This post will describe the general problem of having embedded devices in your network. Mitigation techniques and workarounds will be shown to reduce the risk they introduce.

But to make it more interesting listen to this while reading.

So it all started with a network pen test which was like hiking in a rainforest and seeing all those weird animals and human-eating flowers that live there. All these creatures in the network were different, very exotic embedded devices. They were really interesting as well as very vulnerable.
