I just finished reading two electronic books I bought from O’reilly. Here is a short review on them. Hacking: the next generation The purpose of this book is to give to the readers an overview of the most common attacks nowadays. It covers all fields : social engineering, web attacks, networking, etc. It was easy [...]
Archive of posts filed under the Hacking category.
Simulated massive cyber attack filmed by CNN
This video, while “amusing”, is quite interesting : Though not many details are given, I am quite skeptical about the possibility of such a massive attack. However, it shows well that security is not just a technical matter. It has many implications in law, politics, economics, and a whole information system must be prepared to [...]
waf00f
waf00f is another nice fingerprinting tool. It is a good complement to a tool like httprint. It is able to detect Web Application Firewalls. Its output can help you to determine the trust you can have in what httprint or any other web server fingerprinting tool found out. Check it there.
ModSecurity 2.5 review
I finished reading the ModSecurity 2.5 book, written by Magnus Mischell and published by Packt Publishing. I found a lot of interest reading it as I was already using ModSecurity – and I think anyone exposing an Apache web server should. I was actually using it partially. It is not trivial to secure a web [...]
Yersinia : patch to compile under openSUSE (11.1)
Yet another post in the series of compilation failures due to unexpected libraries paths. This time, it is about Yersinia and the ncurses library. I made the following yersinia-opensuse11.1 patch which should work for openSUSE 11.1 and maybe other versions or distros.
Compilation of PackETH on openSUSE
PackETH is a nice gkt tool to play with Ethernet packet. I encountered some path issues with the Makefile and openSUSE 11.1 64 bits to compile it, so here is the packETH-opensuse patch to compile correctly. If you are on a 32 bits system, all you will have to do is editing the CPPFLAGS line [...]
Prads – a new passive scanner !
Edward Bjarte Fjellskål contacted me to let me know about a new program he, Kacper Wysocki and Jan Henning Thorsen made, called Prads. Prads is a fingerprinting scanner, coded in Perl. I am fond of this kind of tool, so I enjoyed checking it out. Prads operates differently from Nmap or SinFP that I already [...]
Windows 7 UAC security design flaw
Video of a dummy vulnerability on Windows 7 . More info there. It is incredible that Microsoft invests so much money in its security and that there are still such a bad security design for programs that in no way should be granted any administrator access (calc.exe or notepad.exe). Also, I can’t imagine that no [...]
