Thursday, March 20, 2008

RedIris Conference



Hi all, on Thursday the 27th I will be speaking at the "VI Foro de Seguridad RedIris". The topic of this forum will be web application security. My talk is about "Common application security vulnerabilities", aka "The Usual Suspects". I will give an overview of the most common vulnerabilities, based on the OWASP Top 10.

If you want to have a good time and learn more about web application security, this could be a good opportunity.

The conference program can be checked here

See you there!

Thursday, March 6, 2008

MSRPC Auditing

Cody Pierce and Aaron Portnoy have released the Msrpc framework for auditing the Microsoft RPC protocol. They presented the tool at DeepSec 2007; it was a good presentation where they showed us how they used to analyze RPC. Now the tool is available at Google Code.

pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests.

The following toolset is recommended by them:
  • PyMSRPC consists of the following components:
      • Lexer and Parser
      • A library of NDR objects
      • Utilizes Impacket from CORE for transport
      • Tie-ins for the Sulley Fuzzing Framework
This framework allows you to immediately communicate and audit an RPC service.
