Thursday, March 20, 2008
Hi all, the thursday 27 i will be talking on the "VI Foro de Seguridad RedIris", the topic of this Forum will be Web Application security. My talk is about "Common application security vulnerabilities" aka "The Usual Suspects". I will make an overview of the most common vulnerabilities, based on the OWASP Top 10.
If you want to have a good time and learn more about Web Application Security this could be a good oportunity.
The conference program can be checked here
See you there!
Thursday, March 6, 2008
Cody Pierce and Aaron Portnoy have released the Msrpc framework for auditing the Microsoft RPC protocol. The presented the tool in DeepSec 2007, it was a good presentation where they show us how they used to analyze RPC. Now the tools is available at Google Code.
pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests.
The following toolset is recommended by them:
- PyMSRPC consists of the following components
- Lexer and Parse
- A library of NDR objects
- Utilizes Impacket from CORE for transport
- Tie-ins for the Sulley Fuzzing Framework
I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...
In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...
In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
Hi all, in this brief post i will like to share some new ezines about security that were relased this year, the first one is called Into the...