Pressure Crack.
I know, I know... a really late start for the blog fad.I held off for as long as I could, but a lot of people were suggesting I keep a journal of all my nerd work. So I signed up for blogger. I'm...
View ArticleAutomated Script Injection, Additional Applications.
I've been thinking a lot lately about samy's myspace worm. A few weeks before samy's worm started making headlines a friend and I had designed something similar for a browser based sci fi mmorpg. In...
View ArticleClik here to view.
MSN Display Pic Recovery
Have you ever noticed that once you use an image as your display pic in MSN Messenger, it stays in the display pic list even after the image has been deleted? Well it does, and this entry will explain...
View Article01:02:03 04.05.06
Thanks to Mikko from F-Secure, I may have never noticedAn hour and two minutes after midnight tonight the clock will tick: 01:02:03 04:05:06This wont happen for another thousand years.Neat?
View ArticleGeeks Love Geek Company.
One of my oldest, most haxerish friends is coming for a visit. He'll be here in a few hours.I'm QUITE excited.
View ArticleSeasonally Exclusive Environmental Incompatibility
Hay fever.Late April and early May seem to be the worst for me. I've read that in April and May the offending pollen is from tree's, from may to july its from grass and after that its mostly ragweed...
View ArticleWeekend Pen Test.
As I mentioned on Friday a friend came to visit this weekend. While he was here we were asked to do some basic penetration testing on a website. We found a few interesting things that I'd like to...
View ArticleCookie Hacking Bookmarklet
A little while back Chris Shiflettposted on his blog about a quick and dirty way to modify cookies on-the-fly for pen testing web apps. He talked about having to manually escape the data for it to...
View Articlea few more Bookmarklets
So, I decided to write a few more bookmarklets to help with some basic web application auditing. here they are:methodToggle for toggling the method of a form.noMax for ditching the maxlength...
View ArticleClik here to view.
Dispelling Myths
Alright, so here's my beef. Someone claimed recently that they had developed a bandwidth consumption DoS. This, to me, is not a bad thing. Exploit developement can be positive and progressive. What...
View ArticleJavascript "Encryption"
Last night a friend pointed me at a forum where someone was 'daring' people to 'crack his encryption'. I absolutely love these challenges and always give them a try. In this case, the challenge wasn't...
View ArticleClik here to view.
MSN Handwriting Interception.
First, sorry for the lapse in posting, I've been busy with LIFE and a few very time consuming projects.Recently I was talking with a friend over msn messenger. They had some sensitive information to...
View ArticleA Study in Reverse Code Engineering (RCE)
For quite a while I've wanted to learn RCE. The ability to learn the subtleties of how an executable operates through runtime disassembly is an art and an incredible challenge. I've learned a few...
View ArticlePacked Executables
I have to apologize again for the lack of recent updates. I've been spending a lot of time looking for work and havn't had a lot of time to spend on this blog. Over the last little while I've been...
View ArticleWeekend Pentest
A friend asked me to have a look at some php he was working on yesturday and I found a few interesting little security weaknesses I'd like to discuss. First of all, maybe someone could help me out...
View ArticleNew Bookmarklets
I developed a few new web app pentesting bookmarklets this afternoon. If anyone has any requests, or bookmarklets of their own to share, please leave me a comment. Here are the new ones:Password2text:...
View ArticleClik here to view.
Authentication bypass.
This is an example of a far too common problem. Developers have a tendency to assume that client applications will always act how they were designed to act. This is fine if you're depending on them for...
View ArticleChasing Wild Geese? ...Keep Chasing.
I'm BACK! Sorry for the hiatus, I was preparing for and starting school. Now that things have gotten into a bit of a groove, I can get back on the HACK. The title for todays post is sort of...
View ArticleDefeating Dean Edwards' Javascript Packer
Today a friend passed me some obfuscated javascript and asked if I would help him decode it. I had a quick look at it and saw the following code fragment:eval(function(p,a,c,k,e,d){ ...This made me...
View ArticleRE: TAG or How I Got My Start.
Hi! Its been a LONG time since my last update but I'm making a resolution to start posting again. I got an email from Didier the other day prompting me to update my blog with a story on how I got my...
View ArticleThe Ellusive Negative Quantity Vulnerability
I guess I'm just going to pick up where I left off a few months back. Rather than backtracking over all the stuff thats happened between then and now, I'll just keep on posting as things come up.So...
View Articlel33t haxxors
I dont usually post on nontechnical subjects, but I'm making an exception:l33t haxxors - Episode 1l33t haxxors - Episode 2l33t haxxors - Episode 3Excellent comic relief for a tough day. Enjoy :)
View ArticleCSRF Dorks
You've all seen Johnny Long'sgoogle hacking databaseIts an excellent example of a full disclosure platform that helps raise awareness about vulnerabilities in the wild. I just launched the first...
View Article