haqs
How to get beyond mindless blindness - every-day social engineering
Is everybody being deceptive?
When we're not there, we aren't there to know that we're not there.

I recently listened to the 7th episode of the Social Engineering podcast. That made me take some notes, and I think I remember some quotes.
In short it was simply about using familiar routines - or those routines which should be familiar - in order to successfully blind somebody else's mind into a routine workflow.
The story of website password generators
That's a good PW generator. There're others.
A lesson learned
A lesson a co-worker, Bob, learned recently was: never trust. He's a security-minded and competent administrator who specializes in security. However, we have something in common: we're lazy.
When Bob recently created a bunch of new passwords, he used a website and created an account. Very conveniently, all the generated passwords are stored in a table. He added some usernames and used the website for a while. There are password recovery functions. It's a real work-saver; however, the setup is not local and does not belong to the company.
A PaiMei tutorial - simple heap-tracing - part 2
Abstract
The following tutorial builds on the basics which are documented in the first part. For vulnerability discovery, debugging and fuzzing are essential. Furthermore, proper knowledge of memory management, assembly instructions and Python will still be needed. You cannot just scratch the surface while trying to explore these techniques. I wrote this tutorial to inspire people, or to help people cope with Windows and its restrictions. But most people in the field will laugh at this and call it primitive. It is.
Windows 7 on a MacBook - dude, WTF?
Yes, it works! How to make the possible easier
Normally on a MacBook you'd expect lots of compatibility issues. However, this is not the case.
You just get "Error 2229" if you try to install the standard BootCamp drivers. Well... here's an unofficial patch. It uses the old install trick: the installer has been extracted, the check has been modified, and it has been repacked. Without any guarantee - but it works. Afterwards use the official Vista update. That's it.
So fast - so weekly: a week of reading

Funny Japanese wireless toilet control (source)
I just thought, because there's enough to read for everybody in IT security at the moment, I'd keep this short and just list the stuff with some tiny little annotations.

