Archive for the ‘Uncategorized’ Category

Posted on July 31st, 2011 by martin

Defcon 19

I will be speaking at Defcon 19 in Vegas next Saturday, presenting OWASP Hatkit. I will do it jointly with Patrik Karlsson, who presented out of band channeling using SQL injection at Defcon 15 a few years back. We have worked hard to implement *tons* of new stuff in the datafiddler, which has been kept [...]

Posted on March 31st, 2011 by martin

Hatkit now official OWASP project

I just got two of my projects approved as official OWASP projects. These are the Hatkit Proxy and the Hatkit Datafiddler. In case you don’t know what they are, there is some information on the OWASP wiki Hatkit Proxy, Datafiddler and also a presentation I put up on slideshare about the Datafiddler here. Currently, I am [...]

Posted on December 9th, 2010 by martin

Customizing Mercurial

I really like Mercurial (as in “distributed source control management tool”, not as in a metallic element), but I am not that fond of the default look and feel of the web-publishing tool: hgwebdir. So, I am in the process of modifying and creating a custom template using a bit of jQuery magic. Check it [...]

Posted on July 1st, 2010 by martin

Finding Applications

The last of the batch of tools which use search engines is called IPSearch. That one is useful if you have a large list of IP addresses, and you want to find out, e.g., whether there are any virtual hosts which share the same IPs, or just generally what applications are hosted on the IPs. [...]

Posted on June 28th, 2010 by martin

Finding subdomains

A while back, I wrote about Googlyhack. While I was at it, I made two other similar tools that use search engines for other purposes – but I noticed recently that I had not written anything about them. The first one is Subsearch, which is a replacement for the old tool “Subdomainer”. Subdomainer does not [...]

Posted on April 10th, 2010 by martin

GooglyHacks (GHDB)

I noticed that the GHDB-plugin from w3af was a bit deprecated and not quite flexible enough for my purposes, so I wrote a little tool to use the GHDB database to find vulnerabilities for a site. Google has deprecated the old SOAP API in favour of a new Ajax API which was really nice to work with. To [...]

Posted on January 19th, 2010 by martin

Python Packet Play

As an X-mas challenge for the OWASP Appsec Research 2010 conference, Mario Heiderich and I set up a Capture-the-flag at a computer. While .mario did all the tricky and brainteasing stuff with the actual challenge, I created a diversionary target which let me play a bit with low level packet shuffling in Python. The idea I [...]

Posted on November 6th, 2009 by martin

Up again

Now I have once again switched CMS. I have gone through a few by now: I ran Serendipity (s9y) for a while, then pluck, then a bit of Django since I really wanted to run Python. In the end, though, I have settled on WordPress. I hope I won't have to switch again. I won't update this very often; this is mostly so that I can publish a little [...]

Posted on March 22nd, 2009 by martin

Jack C Louis dead

Jack C Louis, who has recently become increasingly known for his work behind Sockstress and was previously known as the creator of Unicornscan, died the other week in a house fire at his home in Sweden. It probably happened in this fire – (though unconfirmed). I listened to him and Robert E Lee at SEC-T in [...]

Posted on March 7th, 2009 by martin

Metadata-exploits (Windows)

There are widespread beliefs that you can avoid viruses/malware by not downloading and opening files – which of course is not true – drive-by downloading is a known problem that has existed for a long time. Simply put, either the browser itself or some plugin (Flash engine, PDF, MSN etc.) is vulnerable and is exploited to [...]