Archive for September, 2006

Social Networks the New Fingerd

Ring, ring…

“Hello?”
“Hi, I’m looking for Michael Daw?”
“Speaking, how may I help you?”
“Hi Michael, my name is Ian Lambert. I am a member of Pittman’s Recruitment. We specialise in security recruiting. We have a common acquaintance, Peter Smith?”

“Isn’t it true, it’s not what you know but who you know” I thought to myself as I put [...]


Log 0.8 – The Nightmare

It felt as if any minute, my heart would come tearing through my chest. I had stopped just outside the building to catch my breath.

As I looked out into the night I noticed something frightfully peculiar. At that moment my head felt as if it was in a James Bond cocktail.

“Nothing, absolutely nothing” I whispered.

The [...]


ASP Auditor v2 BETA

ASP auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org

purpose: Look for common misconfigurations and information leaks in
ASP.NET applications.

# Changelog:
# –v2.2– 20/Apr/07
# * Added additional support for Anti-XSS Validation detection.
# * Added ASP Source Directory Leak Check
# * Added Apr/07 ASP.NET Validation Bypass Check
#
# –v2.1– 25/Sep/06
# * GET /Trace.axd often leaks ASP.NET version when other methods fail.
# * Fixed “?” [...]


Backdooring PDF Files

Updates:

20/09/07 – PDP’s PDF URI Parsing Vulnerability
04/01/06 – New PDF Vulnerability

Recently, there has been a lot of hype involving backdooring various web technologies. pdp (architect) has done a lot of work centered around this area.
I saw Jeremiah Grossman mention PDFs being “BAD”; however, I was unable to easily locate any practical reasons as to why. I decided [...]


ASP Auditor v1.0 BETA

ASP Auditor v1.0 BETA
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/projects/

PLEASE NOTE THIS V1.0 IS DEPRECATED.
Please see the following link for the latest information regarding this tool: http://michaeldaw.org/projects/asp-auditor-v2/

The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers.

Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ david.kierznowski@gmail.com ]
Usage: [...]