0x0Lab Blog Just another damn blog

8Jun/10

Bypassing Safari 5 XSS Auditor

Posted by cirrus

Safari 5 was released today and, following IE8's lead, Apple decided to implement what they call XSS Auditor.

2Jun/10

DirBuster Dictionary Populator

Posted by cirrus

DirBuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb, since it is command line and not Java), but their results obviously depend on how good the wordlist you are using is.

26Apr/10

iPhone applications that transmit credentials using “unsafe” protocols

Posted by cirrus

The iPhone SDK allowed for the creation of thousands of applications. However, some of these applications (probably more than I would like to admit) have not been coded with security in mind.

Filed under: Security

24Mar/10

Show hidden fields bookmarklet

Posted by cirrus

Just a quick useful bookmarklet, that shows all the hidden fields in a page.
Just bookmark this:
Show hidden

Filed under: Security

12Mar/10

Converting an exe file to vbs and back to exe

Posted by cirrus

It is often useful to be able to convert an exe file to a string which will be able to reproduce the exe file. This can be used in a variety of ways (send by email, from an SQL injection, etc.).

12Mar/10

Windows simple backdooring

Posted by cirrus

I remember reading this ages ago, and a couple of weeks ago I decided to give it a try.
I was amazed to see not only that this works, but that it even works on Windows 7. Granted, you do need some extra steps to make this happen in the latter.

11Mar/10

MacOSX Sandboxes

Posted by cirrus

Mac OS X Snow Leopard implements a sandbox facility.

According to the sandbox manpage:
The sandbox facility allows applications to voluntarily restrict their access to operating system resources. This safety mechanism is intended to limit potential damage in the event that a vulnerability is exploited. It is not a replacement for other operating system access controls.