Anti DNS Pinning Without Using a Firewall

Kanatoko found a vulnerability in the DNS pinning used within modern web browsers that can be exploited by simply shutting down an open port. This is far easier than the previous tec...

In Jan 01, 2010

DNS Pinning Just Got Worse

Amit Klein just published a rather interesting article on how anti-anti-DNS pinning techniques can be circumvented (counter counter measures). Namely how you can get around Host: head...

In Jan 01, 2006


Dealing With SEO/URL Rewrites

I’ve been thinking about how spiders work in the context of black box web application scanners.

In Mar 03, 2015

WordPress SEO CSRF

Well, it’s with a bit of a saddened heart that in the first few minutes of checking through the WordPress code for CSRF I found my first vulnerability. I sat on it for a week or so un...

In Jan 01, 2010

Robots.txt Just Isn’t Working For Me

Dear Search Engines,

In Jan 01, 2009

Malicious SERP Arbitrage Lessons

I spent the better part of my free time for today putting together a rather sophisticated search engine result page arbitrage tool. No, I won’t release this one. Partly because it suc...

In Jan 01, 2007

Detecting Spiders is the key to SEO

One of the major problems in blackhat SEO (search engine optimization) is detecting what is a robot and what is a user pretending to be a robot to detect what you are doing. There are...

In Jan 01, 2006


Solving CAPTCHAs for Cash

I had a really interesting conversation with a guy out of Romania this morning regarding a team of CAPTCHA solvers that he has set up. The basic premise is that he has 5 guys set up t...

In May 02, 2017

CAPTCHA Curiosity

Tim Tucker posted an interesting solution to some of the CAPTCHA solving stuff going around. He posted that to comment on his blog you must enter any data, as long as it’s incorrect. ...

In Jan 01, 2007


Warning Google Ads Being Used for Malware

This is actually a really serious issue that was sent to me. The funny part is that I’ve known this was possible for years now and even already put it into a presentation I’m doing in...

In Apr 01, 2016

Google Announces Invalid Domain Through Blacklisting

Click fraud is a big deal (Google claims it’s as low as a few percent but other leading industry experts disagree and put it much higher). I was actually fairly impressed that Google ...

In Jan 02, 2007


Google Files On the Internet

Ronald had a really good post about how Google’s files were open to the world. A few people messaged me and said they were surprised I didn’t jump on it the second it was mentioned. Y...

In Jan 02, 2007


Google Redirects Help Phishers Again

The site is down now, but I got yet another phishing email using Google redirection to hide the real address that the user is being forwarded to. Sorry for the super long line (had to...

In Mar 01, 2007


Preventing XSS Using Data Binding

Using data binding he can make JavaScript attach user content to the page while validating that it does not contain active content. That is, styles are okay, but JavaScript is not. Ve...

In Apr 20, 2016

Is XSS Good For SEO?

There’s an interesting post over at Venture Skills blog talking about if XSS is actually good for SEO purposes. While I don’t have any conclusive evidence that he is wrong or right (a...

In May 01, 2007


Does Surfing Without JavaScript Make You Secure

Welllll, as it turns out, we actually can still do significant recon without the use of JavaScript or Java or Flash. I think Jeremiah is going to wait until Blackhat Japan, so I’m not...

In Jan 09, 2015

JavaScript Port Scanners

In case you were living in a cave the last few days or aren’t subscribed to any of the security mailing lists out there, you probably already have seen these links but I’m putting the...

In May 05, 2007


Ladder Slasher Bot Source Code

Simply find it here: http://www.mediafire.com/file/hmknj2ehzmn/LSbotsource_v1.19.rar/file

In Jan 01, 2012

Sergio Proxy

So after a ridiculously long period of procrastination, I finally got around to updating Sergio Proxy to make it remotely usable. I was never very happy with how the initial code turn...

In Jan 01, 2009



IP Camera Control Protocol is Not Safe

When I first started on this post, I intended to write about some fun things one can do with a $30 Rosewill IP camera (RXS-3211). While I still intend to do this in the near future, I...

In Jan 01, 2009



Detecting Privoxy Users and Circumventing It

TOR is a pretty cool idea. It’s partially a rip off of a very old project that I helped out with in its inception with a bit of peer to peer built on top of it to help with anonymiza...

In Apr 20, 2009


APWG and OpenDNS

After reading a comment by David Ulevitch on a post by Dragos Lungu I was pretty interested in reading a new press release from OpenDNS on how they are “partnering” with the anti phis...

In Jan 01, 2010


Laptops aren’t firewalls

As if you needed another reason to visit Blackhat this summer, two researchers just found a way to hack into wireless cards remotely and take over laptops. David Maynor and Jon Ellch ...

In Mar 02, 2015

How To Access Blocked Websites

I happened upon an article last night talking about how to access blocked websites. First of all, this is sorta missing a major component that most people are actually concerned with,...

In Jan 01, 2015

Accessing Trillian Pro Remotely and Through an Encrypted Tunnel

I am writing this because I constantly run into situations where people want to do things like browse the web, or talk over the net but they don’t want their office to see what they a...

In Dec 12, 2012

Bypassing Firewall Restrictions Via SSH Tunneling

Bypassing Firewall Restrictions Via SSH Tunneling

In Jan 06, 2012

SSH Proxy

This article was inspired by RSnake’s article on using Trillian behind firewalls, but takes it a few steps further to let you proxy any application that supports proxying.

In Dec 11, 2011

Hiding Services from NMAP Using Non-Standard Ports

Most system administrators know that using non-standard ports for some services can be a useful way to hide ports from both automated attacks and less determined attackers. In additio...

In Feb 01, 2011

FireSheep Reviews

I go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises peopl...

In Jan 01, 2010


Example of an Old Gmail XSS Exploit on Android

This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and incl...

In Jan 01, 2010


The Effect of Snakeoil Security

I’ve talked about this a few times over the years during various presentations but I wanted to document it here as well. It’s a concept that I’ve been wrestling with for 7+ years and ...

In Apr 20, 2011

Detecting Malice With ModSecurity

Ryan Barnett has a new series he’s doing called Detecting Malice with ModSecurity that I wanted to spend a minute talking about. Firstly, it’s personally interesting, because he’s usi...

In Jan 01, 2010


Multi Threaded Digital Rights Management

After Sony’s DRM rootkit fiasco, I started thinking about the concept of threaded digital rights management. The concept is simple enough. Let’s say you have two computer programs. On...

In Jan 01, 2010


Hack Detection Methods in Online Games

I - Introduction

In Jan 01, 2010


Minimalistic UI Decisions in Browsers

I’ve tried to talk about this a few times to people over the last year or so, but I think it’s hard to explain without pictures. So I gathered a bunch of screen shots that should help...

In Jan 01, 2010


PlayStation 3 Hacking

Anathema sent me a link to a few posts he made to discuss PlayStation 3 hacking.

In Jan 01, 2010


Diablo 2 Redvex

RedVex FAQs:

In Jan 05, 2016

Using Sockcap To Get Around Realm Down in Diablo 2

I got tired of everyone always asking how to get around an IP ban in Diablo II… So I decided to write this tutorial.

In Jan 01, 2013

Start to security

It is a start to SECURITY, not hacking. Remember that. And have a great time reading this…

In Jan 01, 2010


What are the odds of a small wordpress site getting hacked?

The blackbox security analysis is worth discussing further, since I don’t think I went into enough detail on my last post, so here it is:

In Jan 01, 2010


Myspace was a hotbed for 0-day exploits

I laughed out loud when I read this. Kuza55 found another issue in MySpace again today using the exact same exploit that we have been trying to get them to close FOUR separate times n...

In Jan 02, 2010


DNS Rebinding in Java

Stefano Di Paola has an interesting article about DNS Rebinding in Java. Apparently he’s found a way to bring back some of the older exploits that were supposedly fixed in Java back i...

In Feb 10, 2010


Why Emails Are Still A Persisting Issue For IT Security

Email mishaps are all too common. As a cyber security business Cyber Security suggest being extra careful when sending emails…

In Apr 05, 2019

Email Obfuscation and Spam Robots

I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobb...

In May 03, 2012

Changing Email Addresses For Spam

While looking back at some of my old speeches, and after writing the last blog post it occurred to me there is another attack I haven’t heard anyone talk about. Often times spammers w...

In Apr 05, 2011


How to Get Rid of MacDefender

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is t...

In May 01, 2011


Remote Firefox Vulnerabilities

Brian Krebs at the Washington Post had a story about a post by Chris Soghoian who found that you can use a MITM attack to overwrite addons in Firefox. Actually, believe it or not, I w...

In Sep 09, 2011


Cool Hacker Magazines

In my ongoing effort to learn more and stay informed about everything in the security industry, I have come across a few security focused magazines to assist me with that ideal. Over ...

In Nov 05, 2011


Reverse Engineer with Dll Injection

Posted: Sat Mar 18, 2006 12:29 am. Post subject: Dll Injection. This is my old tutorial on dll injection…people have been asking about this topic a bit recently,...

In Jan 01, 2012


Creating AutoIt Bots for Online Games

I created this post because I want to suck up space and waste people’s time who read it; if you don’t like what I have to say, just move on and ignore me henceforth, thank you.

In Feb 02, 2014

Want to Learn C++?

The first question you need to ask yourself is, “do I have the patience to learn?” Programming can be very frustrating, take vast lengths of time, and give you many unexpected errors ...

In Feb 02, 2012


Detecting some forms of MITM attacks

There are quite a few different methods of performing MITM attacks, but one in particular kinda struck my fancy early on when I was thinking about airpwn. In the case of airpwn and si...

In Apr 02, 2012


HBO Max leaves Linux users hanging

Linux users are usually happy with the software we have available: if we don’t have Photoshop, we use GIMP; if we don’t have Sony Vegas, we use one of the many video editors available...

In Aug 30, 2020

WSU Wireless with PEAP in Ubuntu

This guide shows how to use the new WSU PEAP wireless deployment with Ubuntu 7.10+ and should work with the various derivatives such as Kubuntu.

In Feb 12, 2018

Big List of Network Security Tools for Linux & Win32

Manually Compiled. This list is for information and educational purposes only. I will not hold responsibility for any abuse of these tools. Some of these tools are Linux-only. I will ...

In Jan 01, 2013


SSL Can Hurt Security

SSL can actually harm web application security auditing and intrusion detection. In fact, SSL can actually make it next to impossible for you to do forensics in the aftermath of a suc...

In Mar 12, 2013


Kernel Panic on macOS Mojave

Many Apple users have a complaint that after restarting their Mac they can see a message “Your computer restarted because of a problem”. This unknown error is known as kernel panic. H...

In Jan 01, 2020

iCloud Contacts Not Syncing to macOS Mojave

Many Apple users have a complaint that iCloud contacts are not syncing to their Mac. They said that this problem occurred after updating Mojave. Here I am going to tell you the solutions ...

In Sep 01, 2017

macOS Mojave Slow Boot

Every update of macOS creates many problems on Mac. Likewise, Mojave also has some issues. One of the important issues is that Mojave takes longer to boot. Some people said that Mojave won’...

In Jan 01, 2017

MacBook Battery Draining Out Quickly

Many of the Apple users have a complaint that the MacBook battery is running out quickly. This problem generally occurs after updating your Mac to the latest version. But, this is not...

In Jan 20, 2016


How To Prevent Unwanted Windows Programs From Loading At System Startup

We all have them in our system tray, programs that load up and use precious memory resources and take up valuable space on your taskbar. Some of them you need, but most you can do wit...

In May 01, 2016


Getting a VPN Router

A router is a computer that has at least two network interface cards that support the Internet Protocol. It decides on how to forward IP packets and connects the network t...

In Jan 02, 2020

VPN on Satellite Internet Service

VPN setups with satellite Internet have all been tried and executed. But then again, these two technologies are not entirely in harmony with each other. Initially,

In May 22, 2019

VPN Components By Cisco

The features of Cisco Integrated Services Routers are

In May 20, 2019

About VPN Client Software & Hardware

VPN client software is for small branch offices and home users. Many VPN clients are available in the market. These depend on the configuration of the machine and the protocol they ar...

In May 20, 2019

Open VPN - A cheap alternative to VPN

One of the traits of a system administrator is to provide to the employees tools that can help them in their jobs. Some tools can be useful and may be costly. Some are available and c...

In Feb 18, 2017


Anti-Splog Evasion

I know I’m really going to kick myself for this one, as it will no doubt come back to haunt me, but I’ve been thinking about this one for a long time. One of the things that Blackhat ...

In Jan 01, 2018


Who Should Be Responsible For Cyber Security Inside Of A Small Business?

When it comes to being responsible for a company’s cyber security, it is the IT department that carries the most weight. For such companies, cyber security becomes a second-tier prior...

In May 05, 2019

Small Businesses Combat Cyber Threats

Companies of all sizes need to take cyber security seriously. There are, however, a number of small businesses which assume they are not vulnerable to cyber-attacks. One of the reason...

In Jan 01, 2019

What’s In Store for Cyber Security In 2018?

2018 is expected to be another year that comes with increased concerns for cyber security. It will not be any different from 2017, the year when data breaches were reported in Kmart, ...

In Feb 02, 2018


Linking Your Computers with Hamachi VPN

Since the arrival of Hamachi VPN, our lives have simplified. No more hassles trying to establish a network between different computers, or fiddling with the Windows configuration (whi...

In Nov 01, 2018


3 Tips On How To Improve Cybersecurity At Your Small Business

Cyber security companies can make sure that your online security remains secure. One suggestion to improve cyber security in your business would be to train your employees, enforce a ...

In Jan 01, 2019


Best DNS benchmark Testing Tools for Mac

Whenever you try to approach one website, the DNS server will resolve the IP address of the particular website. Generally, your device’s ISP (Internet Service Provider) always provides t...

In Feb 01, 2019


Cyber Security Skills – A UK Government Priority

In the UK there is a huge demand for skilled cyber security services and ISO 27001 consultants, a demand that isn’t being met. The government is well aware of this. The government b...

In Feb 01, 2019


Running a Proxy Server as a Webmaster

Benefits of Running a Proxy

In May 10, 2020


Clandestine Hosting

On-premise and cloud servers are compromised, abused, and leased as part of the sophisticated criminal monetization lifecycle, Trend Micro says.

In Jun 07, 2020


Aurora OS developers included a memcpy fix in Glibc

The developers of the AuroraOS mobile operating system (a fork of the Sailfish operating system, developed by the Open Mobile Platform company) shared a solution for a vulnerability t...

In Jul 16, 2020


Microsoft releases Procmon for Linux as open source

Microsoft continues to demonstrate its “love” for Linux by releasing more components that end up in the Open Source system. The Redmond giant has released quite a few components throu...

In Jul 23, 2020


Tip to make your Raspberry Pi 4 Much Faster

If you want your Raspberry Pi 4 to perform at its best, this trick will help you get the most out of it when using USB storage devices.

In Jul 27, 2020


Raspberry Pi OS makes the jump to Linux 5.4

For a long time, and if I’m not mistaken, this has been the case from the beginning, the official operating system for Raspberry Pi plates was called Raspbian. A few months ago, the c...

In Aug 30, 2020


Access Twitter with privacy and free software, with Nitter

Twitter is a centralized social network and requires the use of proprietary software. Consulting Twitter with the browser in a decent way without losing privacy or freedom is practica...

In Sep 21, 2020


Bypass Geo-Blocking With PureVPN. Best VPN