The Problem: The root of cross site scripting vulnerabilities (from now on referred to as XSS) is improper input sanitation to the server, which allows input of script commands interpreted by client side browsers. The most immediate outcome of such a script injection is the execution of commands on the client side. XSS is feasible [...]
Archive for June, 2006
Cross Site Scripting – Problems and Remedies
Posted: June 25, 2006 in Codes & Utilities, Programming, Security, Web Security11
Fyodor posted today the results of his 2006 survey on nmap-hacker list for the top security tool list. The detailed categorised list can be found at http://SecTools.Org. I found a lot of neat new projects and was happy to see metasploit included and nessus still topping the list inspite of its source being closed. Blogged [...]
A Perl script to list process info through WMI (local / remote)
Posted: June 20, 2006 in Codes & Utilities, Perl Scripts, Programming, SecurityA perl script to list all the current running processes / a particular process on an array of systems. Needs Windows Management and Instrumentation Service Enabled on the remote machine. Tested on Active Perl 5.6+ and XP. Useful for maintaining inventory information. Usefull to find an instance of say a suspicious process on all ur [...]
Exactly One year ago i had my open house at the university. Remembering the event i thought of the giant 10 feet poster i had made for my project :). A full version can be found here.
A WMI perl script for local/ remote OS info.
Posted: June 9, 2006 in Codes & Utilities, Perl Scripts, Programming, SecurityBelow is a simple perl script to fetch local / remote Operating System Information (for Microsoft Platform). Needs Windows Management and Instrumentation Service Enabled on the remote machine. Tested on Active Perl 5.6+ and XP. Useful for maintaining inventory information. use strict; use Win32::OLE(‘in’); use constant bFlagReturnImmediately => 0×10; use constant bFlagForwardOnly => 0×20; my [...]
"I can tell you I wish those people just would be quiet. It would be best for the world. That's not going to happen, so we have to work in the right fashion with these security researchers," Steve Ballmer at Microsoft's Worldwide Partner Conference in New Orleans. Source: Metasploit.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables developers / researchers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public [...]
