Archive | Programming


22 September 2008 | 25,372 views

Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s […]

Continue Reading

29 August 2008 | 8,098 views

ISR-evilgrade – Inject Updates to Exploit Software

ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS […]

Continue Reading

18 June 2008 | 6,194 views

WikiScanner – Find Interesting Anonymous Edits on Wikipedia

Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool! As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia […]

Continue Reading

21 May 2008 | 4,876 views

Tmin – Test Case Optimizer for Automated Security Testing

Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration with […]

Continue Reading

06 May 2008 | 6,171 views

Patch Window Shrinking – Semi-Automated Reverse Engineering

As far as I know this has been happening for some time, sometimes a patch comes out for a vulnerability that many people don’t know about (including the hackers) so they will see what problem the patch fixes (possibly through reverse engineering) then develop an exploit to leverage on the flaw. It seems things are […]

Continue Reading

14 April 2008 | 3,826 views

Keep on Fuzzing! Advice

As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too. Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are tools for Web Services […]

Continue Reading

20 March 2008 | 5,490 views

.NETIDS – .NET Intrusion Detection System

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs […]

Continue Reading

11 March 2008 | 6,600 views

Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as: Create a process Compile a C program Watch a process Watch syslog and so on Fusil uses small “agents” which exchange messages to launch actions. e.g. […]

Continue Reading

29 February 2008 | 5,455 views

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]

Continue Reading

22 February 2008 | 7,015 views

SWFIntruder – Analysis and Security Testing of Flash Applications

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal. I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently […]

Continue Reading