Security
The thing with 0-day Java Vulnerabilities is…
A few days ago, KrebsOnSecurity published a very well written article discussing a new 0-day Java vulnerability, and its effect on the Bit9 Hack. now lets be honest – Java Vulnerabilities are the hottest thing in security news right now.. if a week goes by without a new 0-day, someone is slipping or sleeping. I [...]
Tomcat Enumerator (for MSF)
The Tomcat Enumerator for Metasploit Framework Gave myself a speed-coding challenge. have to introduce fun into coding or I will never do it. so i wanted to create something for the community that will allow fast enumeration of a Tomcat application server via the Metasploit Framework. I set myself for 2 hours this time , [...]
Database Enumeration Module (for MSF)
Introducing enum_db for Metasploit Framework Alright, so over the weekend I had time to convert some of my old scripts into ruby, because you have to keep your mind sharp in some way or another … when it occurred to me that I haven’t contributed to any open source project in a long long looooooooong time. so with the [...]
AppDoS Defined
This morning, an outline article defining AppDoS that I wrote, was published on Imperva’s Blog, have a read would you ? Link here. The article explores the differences between classic Denial of Service, and Application Oriented Denial of Service in a simplified manner.
LinkedIn’s No-CSO and my Personal Data.
The one thing that kept me thinking on a flight the other day was the latest new about LinkedIn’s 6.5 million password breach, and the followup lawsuit against it for violating its own privacy user agreement ensuring the security of one’s identity. and not specifically the story itself, but some of the aftermath that came [...]
Virtual Gold and Bot Threats
For the past couple of weeks, i have been away visiting Family in a country far far away, with an excellent internet connection and boring midnight hours, when I decided to play some games to help myself go to sleep. now, since this was quite an interest for me, I started looking in different sources [...]
Some Hulk Afterthoughts
It was great to see how much attention the Hulk tool got over a short period of time, and even considered a malware by some folks who didnt read the fine print of “educational experiment” labeling. got tons of questions and improvement suggestions while some missed the main idea behind this.. its not meant to avoid a [...]
HULK, Web Server DoS Tool
Introducing HULK (Http Unbearable Load King). In my line of work, I get to see tons of different nifty hacking tools, and traffic generation tools that are meant to either break and steal information off a system, or exhaust its resource pool, rendering the service dead and putting the system under a denial of service. [...]
Finding the best Web DoS Attack Url
Background To establish common ground, I would like to start by explaining some theory behind DoS attacks on the HTTP attack vector. An HTTP DoS attack is usually not based on a vulnerability or known flaw in a web server or a service, instead – its the attempt to bring a server down by using [...]
Looking into Refref.pl
I had some time finally to play around with Refref ( originally written for Anonymous ), and i really liked it. for those of you who are unfamiliar with Refref, it is an application denial of service tool, which uses an interesting vector of attack making it very effective. to my knowledge it exists as [...]
