blog.eslimasec.com
eslimasec's blog: August 2010
http://blog.eslimasec.com/2010_08_01_archive.html
IT Security.or so. Tuesday, August 31, 2010. Don´t be so impatient. Subscribe to: Posts (Atom). Why a public python-moinmoin Wiki is not so good idea? Elastic Security: Deploying Logstash, ElasticSearch, Kibana "securely" on the Internet. A glance at Altoro Mutual. Help Net Security - News. Hack In The Box. ADD / XOR / ROL. ISN] InfoSec News Mailing List. Simple template. Template images by enot-poloskun.
blog.eslimasec.com
eslimasec's blog: July 2013
http://blog.eslimasec.com/2013_07_01_archive.html
IT Security.or so. Monday, July 15, 2013. Alexis and I were having a bright moment after siesta time and decided to put in practice a "brand new" attack. well probably somebody has already done this, but at least we haven't seen it out there before. As usual it had to be something fun and probably silly to keep us motivated. Ladies and gentlemen, please welcome "Blind Site Scripting" a.k.a. BSS! Never before XSS would talk to victims! Http:/ testfire.net/search.aspx? TxtSearch= h1 Blind Site Scripting!
blog.eslimasec.com
eslimasec's blog: NoMore and 1=1--
http://blog.eslimasec.com/p/projects.html
IT Security.or so. In order to minimize the time required to perform Web Application Tests and have a handy repository of attack patters M and I wrote this small tool that we hence call No more and 1=1. The tool comes in two flavors (so far) the stand alone version (a java app) and the Webscarab Proxy attached version, we may bundle the tool with more proxies in the near future. The tool is simple, its great value comes in the definitions file which is totally customizable. Attack definitions file here.
blog.eslimasec.com
eslimasec's blog: May 2014
http://blog.eslimasec.com/2014_05_01_archive.html
IT Security.or so. Monday, May 5, 2014. Elastic Security: Deploying Logstash, ElasticSearch, Kibana "securely" on the Internet. Continuing with the tradition of at least one post per year I wanted to write about a pilot I built and keep on refining based on ElasticSearch (1.1.1), Logstash (1.4.0) and Kibana (3.0.1). I wanted to get my hands dirty with these as I have increasingly seen traditional SQL based security applications/tools failing when attempting to scale. And set the port. Parameter to a numb...
blog.eslimasec.com
eslimasec's blog: December 2010
http://blog.eslimasec.com/2010_12_01_archive.html
IT Security.or so. Sunday, December 12, 2010. A glance at Altoro Mutual. Robots.txt file has not been found but error page reveals Microsoft Internet Information Services in Use. Robots file sometimes expose juicy information. Server headers provide quite a lot of information: underlying technologies, versions, and a suspicious second cookie named “amSessionId”. The main search function is vulnerable to XSS. Http:/ testfire.net/search.aspx? TxtSearch=%3Ch1%3EDearest%20user%20please%20provide%20password%2...
blog.eslimasec.com
eslimasec's blog: A glance at Altoro Mutual
http://blog.eslimasec.com/2010/12/glance-at-altoro-mutual.html
IT Security.or so. Sunday, December 12, 2010. A glance at Altoro Mutual. Robots.txt file has not been found but error page reveals Microsoft Internet Information Services in Use. Robots file sometimes expose juicy information. Server headers provide quite a lot of information: underlying technologies, versions, and a suspicious second cookie named “amSessionId”. The main search function is vulnerable to XSS. Http:/ testfire.net/search.aspx? TxtSearch=%3Ch1%3EDearest%20user%20please%20provide%20password%2...
blog.eslimasec.com
eslimasec's blog: Why a public python-moinmoin Wiki is not so good idea?
http://blog.eslimasec.com/2010/11/why-public-python-moinmoin-wiki-is-not.html
IT Security.or so. Saturday, November 27, 2010. Why a public python-moinmoin Wiki is not so good idea? In this post I'm going to discuss why setting up a Internet facing wiki based on MoinMoin. Isn't a great idea in terms of security. I'm referring in this issue about the specific wiki that you can deploy from aptitude in a stable debian version by means of this command:. Thus the version in which I discovered the facts (hacks) is python-moinmoin 1.5.3-1.2. Wait a moment dude isn't this a MoinMoin. Date:...
blog.eslimasec.com
eslimasec's blog: November 2010
http://blog.eslimasec.com/2010_11_01_archive.html
IT Security.or so. Saturday, November 27, 2010. In this topic I'll give some hints on ' 'configuring actions for acpi events. The beginning of the plot. On Monday (24 Nov 2008) my precious EBOX4300 seemed to be turned off, this resulted in this web page again being down.I'm starting to feel I'm not going to get even a poor of 50% of uptime! With this insecure-for-my-uptime discovery I realized it was time to change this suicidal behaviour on my server. Identifying ACPI events generated. What I did next w...
blog.eslimasec.com
eslimasec's blog: Blind Site Scripting
http://blog.eslimasec.com/2013/07/blind-site-scripting.html
IT Security.or so. Monday, July 15, 2013. Alexis and I were having a bright moment after siesta time and decided to put in practice a "brand new" attack. well probably somebody has already done this, but at least we haven't seen it out there before. As usual it had to be something fun and probably silly to keep us motivated. Ladies and gentlemen, please welcome "Blind Site Scripting" a.k.a. BSS! Never before XSS would talk to victims! Http:/ testfire.net/search.aspx? TxtSearch= h1 Blind Site Scripting!
SOCIAL ENGAGEMENT