I was blind, but now I see! Last week I released a tool that extracts data from a database using Blind SQL Injection techniques. The tool asks a series of TRUE of FALSE questions. Many people are under the impression that this TRUE or FALSE questioning technique is the only way to extract data from […]
My third python web testing script in this series is a blind SQL injection script. It is used to automatically extract data from a MYSQL database using blind SQL injection techniques. There are already many tools out there that do this, but this one is a little different. It uses a different technique to extract […]
p0wnpr0xy.py is a simply python script that acts as a http/https proxy and launches commands such as sqlmap against targets that are in-scope. It relies on httpservers.py from gnucitizen to do the heavy lifting. You can download his module from here and save it to the same directory as p0wnpr0xy. When you launch p0wnpr0xy you […]
I have a couple of web application penetration testing script for you. I will start out with a really simple one. First is a script that will convert the parameters given on the URL as a HTTP GET into a HTTP POST. This makes it easier to demonstrate XSS vulnerabilities in a POST to your […]
Last year on the show, Marcus J. Carey presented a tech segment about using memory analysis in penetration tests. Memory acquisition came into its own for incident responders a few years back. Even before tools like Volatility, Memoryze or HBGary’s Responder were available, many incident responders, including me, used the strings command to perform rudimentary […]
At the podcaster meeting up at Shmoocon 2010 an interesting conversation ensued about the lack of business acumen among penetration testers. “Penetration testers don’t understand business and don’t know how to talk to our executives” was the charge. (IMHO it is my job as the CISO’s job to translate haxor geek speak into boardroom geek […]
Yes yours truly (Larry, that is) Will be teaching the 6 day SANS Wireless Ethical Hacking, Penetration Testing and Defenses (SANS 617) in Regina, Saskatchewan on March 23 – 28, 2009. As this is the first time Wireless Ethical Hacking, Penetration Testing and Defenses is being offered in Saskatchewan it is anticipated to fill quickly. […]
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.