In addition to CGISecurity I work on other side projects from time to time. Below is my second announcement from my latest project. Introduction I have built out several penetration testing programs, both internally and externally at companies such as eBay, Paypal, and Box to name a few. Before you have the...
In addition to CGISecurity I work on other side projects from time to time. Below is an announcement about my latest project. Introduction I've worked in the security industry for over 20 years and, during this time, have built and shaped many security programs. At every company I join, I find myself...
To celebrate 25 years the phrack team has published issue #67. Introduction The Phrack Staff Phrack Prophile on Punk The Phrack Staff Phrack World News EL ZILCHO Loopback (is back) The Phrack Staff How to make it in Prison TAp Kernel instrumentation using kprobes ElfMaster ProFTPD with mod_sql pre-authentication, remote root FelineMenace...
I have just published the following article on handling application security defects (vulnerabilities) in development and QA. "If you've worked in information security you've likely had to report a security defect to development in an effort to remediate the issue. Depending on your organization and its culture this can be a rather...
In 2006 I gave a talk on hacking RSS feeds, and feed readers. I stumbled upon the video for blackhat 2006 by accident the other day and thought it was worth posting. Video: http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V36-Auger_and_Sima-0day_subscriptions.mp4 Slides: http://www.cgisecurity.com/papers/RSS-Security.ppt Paper: http://www.cgisecurity.com/papers/HackingFeeds.pdf
For over a year in my spare time I've been working on a abuse case against transparent proxies at my employer, and have just released my latest paper '"Socket Capable Browser Plugins Result In Transparent Proxy Abuse". When certain transparent proxy architectures are in use an attacker can achieve a partial Same...
The Cross-site Request Forgery FAQ has been released to address some of the common questions and misconceptions regarding this commonly misunderstood web flaw. This paper serves as a living document for Cross-Site Request Forgery issues and will be updated as new information is discovered. If you have any suggestions or comments please...
Besides CGISecurity.com I'm involved with my other project QASec.com a new website aimed at teaching security throughout the development cycle with a heavy focus on security testing I've just written an article explaining how Quality Assurance Engineers can include security testing into their test plans. "Part of software testing involves replicating customer...
Identifying security defects before a product ships reduces the risk of embarrassing public exposure, the cost of repairing the defect, and the risk to your customers. Your customers will not forget being compromised via a flaw in your product, and they may try to hold you accountable. Properly performing this security validation...
This is a copy of the slides I used at my Blackhat 2006 talk and a link to the paper accompying it. Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (Power Point) Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations (Remote Copy)
I started researching RSS and Atom feed vulns last September but got distracted for 6 months or so with work/life. I've written a basic paper discussing the issues relating to Cross Site Scripting and web based feeds. I cover the risks associated with the following types of readers: * Web Based Readers...
Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention. This article also covers practicle examples of cookie theft, and...
Part two of "Fingerprinting port80 attacks". This paper provides information on web application attack forensics that will help you identify what an attacker might be doing. Part two covers attacks that where not mentioned in the first paper. Fingerprinting Port80 Part 2 (TXT) Fingerprinting Port80 Part 2 (HTML)
This paper helps describe an attack method often overlooked by programmers. It explains how modification of HTTP headers can cause possible system access, cookie theft/poisoning, tricked advertising, database injection, and other bad things in web statistical software Header Manipulation/Web Stats Software (TXT)(English) (Hungarian)
This is the first paper on web application attack forensics published. This paper will give you a basic understanding of what web application attacks look like, and how they are used in real life examples. Fingerprinting Port 80 Attacks (ENG) Russian (Local Copy) (Russian) (Chinese) Japanese translation "The paper provides a nice...
"Mailing lists are often archived for later viewing on websites. The software that archives these email messages may allow an attacker to execute commands, include false information, cause a wide scale browser DOS, and other possibilities." This paper covers potential uses/exploitation of this wide scale problem. Mail archives may allow distributed attacks...
