• I’m a little confused.  Milw0rm lists this article as posted in November of 2006 – two years ago (  Is this just a cross post or did Craig Heffner actually produce this content for EHN?  Adding a dig for content posted on milw0rm, packetstorm and other sites seems a little odd.  I did find the PDF format on mil…

  • On the other hand…

    If you want to learn about web application exploits knowing C, Perl, and all about memory addressing won’t be of very much use (exploiting a C based CGI web application or Perl web application aside).  In order to exploit an application you have to understand the technologies on which it rests.  Web application technology u…

  • mad_irish replied to the topic Login Hacking? in the forum Tools 13 years, 1 month ago

    Brutus AE2 or THC Hydra fit the bill.

  • mad_irish replied to the topic OSSEC v1.6 Released in the forum Tools 13 years, 1 month ago

    I think this might be a dupe of  OSSEC v. 1.6 😉

    Version 1.6 might not be completely ready for prime time yet though.  There have been numerous problems reported with the release, including non-functional Windows active response.  The main developer, Daniel Cid,  recently wrote to the OSSEC mailing list:

    Hi all,

    I think I figured out what was…

  • Chrome sports quite a few neat security features that are intriguing.

    The sandboxed tabs seem to be one of the best features in the new browser, which will limit data leak from one tab to another.  Whereas most browsers run each tab inside the parent process, with Chrome, each tab is its own independent process.  This means that one tab can’t r…

  • What’s even scarier is that tactic fails to prevent many common phishing tactics.  For instance, using a domain name that looks like the target in specific fonts (substituting 1’s for lower case L’s for instance) or misspelled domain names.  Not to mention that if a link spans multiple lines and it’s sometimes tough for users to cut and paste t…

  • Certification, in the end, stands as independent verification that you passed a test.  The test criteria and the respectability of the certifying body determine the value of the test to others.

    Personally, when I interview someone I don’t give a second look at the certifications they have.  I look for experience that proves the assertions the c…

  • mad_irish replied to the topic Simple Question in the forum Other 13 years, 2 months ago

    There is a growing trend amongst infosec circles, especially with information assurance people, to concede that compromise is inevitable.  If you subscribe to this school of thought then backups are your best friend.  In an economic analysis, when you take compromise as a given, it makes the most sense to spend your time/energy investing in r…

  • WebGoat is pretty solid, but for my money I’d recommend cruising the vulnerability announcements for well known web apps and installing vulnerable versions and exploiting them yourself.  Many of the most popular web systems have vulnerable versions at some point.  Installing them and figuring out how to exploit the vulnerability is, I think, a l…

  • The Art of Software Security Assessment by Dowd, McDonald and Schuh
    -Wonderful overall assessment of the modern state of security (this book is HUGE)

    Network Security Assessment by Chris McNab
    -This O’Reilly book is one of the best hands on guides I’ve found.

    Linux Hacker Tools by Ivan Sklyarov
    -This book explains how to build tools yourself,…

  • I’ve recently completed the CEPT certification and I’ll say that it takes far too long to complete to be able to proctor it.

    One of the vulns that you had to discover in a Windows app was actually pretty well documented online (IIRC there’s a metasploit module).  I ended up finding and writing a custom exploit, but it would be possible to crib…

Copyright ©2021 Caendra, Inc.
