dradis

December 11th, 2007

dradis is a tool for sharing information during a pentest. If you are part of a team of testers working against the same set of targets, you will need to comunicate with each other. The most efficient this communication the more chances of a successful breach you will have.
Read the rest of this entry »

Popularity: 30% [?]

Posted in Networking, Ruby, Security | 1 Comment »

yl18.net: the chinese menace

November 16th, 2007

This is the story of an attack I had to investigate for a client. The synthoms: mass defacement of web pages in the server, the only tool: roughly 1GB of web server log files.
Read the rest of this entry »

Popularity: 10% [?]

Posted in Security | 1 Comment »

Net::DHCP

November 5th, 2007

The aim of Net::DHCP (hosted at RubyForge) is to provide a set of classes to low level handle the specifics of DHCP (rfc2131, rfc2132, etc.) in ruby.

With Net::DHCP you will be able to craft custom DHCP packages and have access to all the fields defined for the protocol.
Read the rest of this entry »

Popularity: 18% [?]

Posted in Networking, Ruby | No Comments »

sql injection: inference attack

November 5th, 2007

SQL Injection is the process of injecting SQL commands into strings processed by an application. This is possible when there is insufficient validation of user input before it is executed in dynamic SQL queries.

Different types of attack exist and not all of them are suitable for every situation.
Read the rest of this entry »

Popularity: 9% [?]

Posted in Security | No Comments »

check for robots.txt

October 23rd, 2007

Some times it is useful to check if a given HTTP server has a robots.txt file in it. If it exist it may disclose interesting information, useful for a pentest :)
Read the rest of this entry »

Popularity: 29% [?]

Posted in Networking, Security, Shell Script | No Comments »

rComic: comic strip downloader

October 23rd, 2007

rComic is a small script to download and display Internet comic strips. To add new strips, you only need to modify the config file. And it is an interesting exercise to play with the Net::HTTP and YAML libraries.
Read the rest of this entry »

Popularity: 22% [?]

Posted in Ruby, Shell Script | No Comments »

jack bauer and the coffee

October 13th, 2007

jack bauer cup, picture 1jack bauer cup, picture 2

Popularity: 18% [?]

Posted in Uncategorized | No Comments »

using the fox toolkit in ruby

October 2nd, 2007

The fox toolkit is a portable C++ graphical library. If you download old code (such as the nice rubyforger – that sits on top of libnet and libpcap) you may end up with some headache, so these easy steps will help to get your fox application up and running :)
Read the rest of this entry »

Popularity: 18% [?]

Posted in Ruby, X Windows | No Comments »

ninja iptables for your server

September 14th, 2007

Security is often about layers on top of layers on top of layers… And one of these layers is usually an iptables firewall installed in your server. Let’s create a small script to provide our server with the kung-fu fighting techniques needed to defeat the black hats!!
Read the rest of this entry »

Popularity: 29% [?]

Posted in Networking, Security, Shell Script | No Comments »

harden your apache+php installation

September 14th, 2007

Instructions follow on how to build and harden one of the most common configurations out there.
Read the rest of this entry »

Popularity: 16% [?]

Posted in Networking, Security | No Comments »

« Older Entries
Newer Entries »