securitybsides.org.uk
Security BSides London
https://www.securitybsides.org.uk/April2014
CHALLENGE 1 By Gareth Owen. CHALLENGE 2 By Anthony Cox. CHALLENGE 3 By Rob Miller. CHALLENGE 4 By Didier Stevens. CHALLENGE 5 By Alec Waters. Wednesday 24th April 2013 Our Hat Trick year. Wednesday 25th April 2012 Our second year. Wednesday 20th April 2011 See how we started out. Getting Here - Tube Strike. What To Expect on the Day. Kensington and Chelsea Town Hall. London, W8 7NX. Tel: 020 7361 3000. We have a Winner! The winning logo design (as voted by you) is by Kev McGuinness. We are looking for.
penturalabs.blogspot.com
Pentura Labs: March 2010
http://penturalabs.blogspot.com/2010_03_01_archive.html
Friday, 26 March 2010. Back from RootedCon 2010. I know, I didn't write anything about the Rootedcon as I promised last week but following the congress I came up with some new ideas and I have been busy coding them. I don't know how to describe the congress. Simply amazing is a good approach. I met a lot of fantastic people and saw a lot of friends again. And, of course, we talked and learnt about security, so, what more I can ask for? Last day the sessions were very interesting too. Android forensic.
penturalabs.blogspot.com
Pentura Labs: New version of Wfuzz!
http://penturalabs.blogspot.com/2010/05/new-version-of-wfuzz.html
Monday, 17 May 2010. New version of Wfuzz! I don't like automatic tools. Full stop. Well. not full. I like some semi-automatic tools. One of these tools is wfuzz. I love this python script to perform a quick look over all the directories in a website and sometimes to test against some basic authorization bypass fuzzing a numeric parameter. The use of this tool is very easy and I'm not going to explain here, you can read the README file. First of all if you want to download it. Alphanum case extra.txt.
penturalabs.blogspot.com
Pentura Labs: A bit of information about TRACE and OPTIONS
http://penturalabs.blogspot.com/2010/06/bit-of-information-about-trace-and.html
Friday, 11 June 2010. A bit of information about TRACE and OPTIONS. Another post here after a some time. I'm really busy at work right now but I also need these small breaks to carry out my own testing and share a bit of what we learn here at Pentura. I want to write today about the TRACE, OPTIONS and others HTTP verbs. Sometimes in reports we can see that they discovered the TRACE verb active in our server. How they (us ;) ) do it? How do we test to understand if it's a real vulnerability? Using this, a...
penturalabs.blogspot.com
Pentura Labs: April 2010
http://penturalabs.blogspot.com/2010_04_01_archive.html
Friday, 16 April 2010. This post was posted originally at my personal own blog. In the exploit-db.com. Today, reading some stuff at internet I have found an article about 7 PHP scripts to generate shorts URLs. This kind of links are very common today with a lot of controversy about the security risk that they implied. I’m not here (now) to discuss about shorting URL’s services but to talk about a stupid bug that I have found in the first (! Software that WebResourcesDepot recommend today. As you can read...
penturalabs.blogspot.com
Pentura Labs: August 2010
http://penturalabs.blogspot.com/2010_08_01_archive.html
Wednesday, 4 August 2010. Security talk at Reading Geek Night - FlasHack. Lovely summer, isnt it? I'm enjoying carrying out a lot of testing, researching and also a bit of developing. But I always try to make time for sharing knowledge! This is the reason I'm going to speak again at Reading Geek Night. Next week. I'll be doing a talk about how to decompile, modify, analyze and abuse Flash applications. Posted by Pedro Laguna. Links to this post. Subscribe to: Posts (Atom). Subscribe To PenturaLabs RSS.
penturalabs.blogspot.com
Pentura Labs: Security talk at Reading Geek Night - FlasHack
http://penturalabs.blogspot.com/2010/08/security-talk-at-reading-geek-night.html
Wednesday, 4 August 2010. Security talk at Reading Geek Night - FlasHack. Lovely summer, isnt it? I'm enjoying carrying out a lot of testing, researching and also a bit of developing. But I always try to make time for sharing knowledge! This is the reason I'm going to speak again at Reading Geek Night. Next week. I'll be doing a talk about how to decompile, modify, analyze and abuse Flash applications. Posted by Pedro Laguna. Subscribe to: Post Comments (Atom). UK security research and consultancy.
penturalabs.blogspot.com
Pentura Labs: HOWTO: Using MBSA remotely
http://penturalabs.blogspot.com/2010/05/howto-using-mbsa-remotely.html
Thursday, 20 May 2010. HOWTO: Using MBSA remotely. When it comes to performing a security assessment of Windows servers (SQL, ISA, IIS etc), the Microsoft Baseline Security Analyzer (MBSA). Tool provides a good idea of the key security settings implemented on the Windows server being audited. Using the " runas. Command from Windows Command Prompt, its possible to specify the remote servers admin credentials for use with the MBSA executable:. Runas' command with custom credentials and mbsa.exe. NOTE: If y...
penturalabs.blogspot.com
Pentura Labs: June 2010
http://penturalabs.blogspot.com/2010_06_01_archive.html
Friday, 11 June 2010. A bit of information about TRACE and OPTIONS. Another post here after a some time. I'm really busy at work right now but I also need these small breaks to carry out my own testing and share a bit of what we learn here at Pentura. I want to write today about the TRACE, OPTIONS and others HTTP verbs. Sometimes in reports we can see that they discovered the TRACE verb active in our server. How they (us ;) ) do it? How do we test to understand if it's a real vulnerability? Using this, a...
SOCIAL ENGAGEMENT