SECTORIX

Confessions of a Dangerous Mind

security

EXIF Cross Site Scripting, PHP Fun

As most security folks know, there are numerous ways to infect computers via infected image files that contain binary viruses, which are read/invoked by different image readers or the libraries that render them. From my perspective, looking into web application security, I had an idea. Many websites and applications nowadays look into the picture’s EXIF […]

CMS Hacking, Risks and Trends.

Yesterday, I presented in Imperva‘s monthly webinar (my employer and source of joy) the results of a trend analysis that I recently completed, which includes the research results in detail. We explored the trends of CMS adoption in the market, a threat analysis of hacker trends with 3rd party code/software and CMSs specifically, and […]

The thing with 0-day Java Vulnerabilities is…

A few days ago, KrebsOnSecurity published a very well written article discussing a new 0-day Java vulnerability and its effect on the Bit9 hack. Now, let’s be honest – Java vulnerabilities are the hottest thing in security news right now. If a week goes by without a new 0-day, someone is slipping or sleeping. I […]

HULK, Web Server DoS Tool

Introducing HULK (Http Unbearable Load King). In my line of work, I get to see tons of different nifty hacking tools and traffic generation tools that are meant either to break into a system and steal information off it, or to exhaust its resource pool, rendering the service dead and putting the system under a denial of service. […]

Looking into Refref.pl

I had some time finally to play around with Refref (originally written for Anonymous), and I really liked it. For those of you who are unfamiliar with Refref, it is an application denial of service tool which uses an interesting attack vector, making it very effective. To my knowledge it exists as […]