Menu > Elements de la revue Twitter : - l'ensemble [tous] - par mots clé [tous] - par compte [tous] - le tagwall [voir]

---

S'abonner au fil RSS global de la revue Twitter

---

Suivants

Les Tweets filtrés pour "RSnake" (59 résultats)
S'abonner au fil RSS SecuObs pour le compte Twitter RSnake


[2012-09-20] - 07:59:33 - Hmm. If SSL relies on email for cert verif/exchange, and outbound mail servers ignore snakeoil certs...

[2012-09-19] - 08:40:18 - Finally got around to donating the XSS cheat sheet to @OWASP http://t.co/EI1zI9AK Now everyone can edit/modify at will.

[2012-09-19] - 08:40:18 - @superevr @ryancbarnett Agreed, and even phishing most of the time will be custom too.

[2012-09-19] - 08:40:18 - @theharmonyguy Interesting, I like the nduja worm example too as a way to explain exponential XSS, albeit more PoC than weaponized code.

[2012-09-14] - 10:38:46 - @_mwc That assumes the user has already visited - lest HSTS never gets displayed to the user via the mitm w/ the bad cert. ;) @jeremiahg

[2012-09-11] - 12:50:50 - @fielding Gotcha, not unintended then. Love to chat w/ you about other Apache stuff sometime otp when you have some free time.

[2012-09-06] - 09:14:07 - @brianwilson When I said no egress, I meant from the SSH (server) side.

[2011-01-10] - 11:41:11 - @JasonD except that they'll still contune to send the creds. Makes mitm slighly more interesting actually if the creds are still cached.

[2010-12-18] - 08:44:25 - Hahah... my book stallown3d Amazon: http://drwetter.eu/amazon/

[2010-06-14] - 23:31:50 - You can turn reflected XSS into Clickjacking: http://bit.ly/ar5gIU

[2010-06-12] - 05:13:21 - Finally getting a chance to sit down and finish reading Ivan Ristic's Mod_Security book. Great read: https://www.feistyduck.com/

[2010-05-06] - 19:22:37 - Looks like I'm speaking at Blackhat. W00t: http://www.blackhat.com/html/bh-us-10/bh-us-10-speaker_bios.html

[2010-04-15] - 07:19:10 - Go go ATT MITM: http://bit.ly/a349sq

[2010-04-15] - 07:19:10 - Gotta love Chrome: http://ha.ckers.org/blog/20100414/chrome-phishing/

[2010-04-07] - 08:26:03 - MalaRIA malicious RIA proxy released: http://bit.ly/bWzYot

[2010-03-18] - 05:46:16 - @ChrisJohnRiley All port 80 thus far. It follows the proxy settings in Windows, so I've been seeing it using a typical MITM proxy (Burp)

[2010-02-27] - 04:04:56 - Facebook Patents Social Feeds and I Patent XSS http://bit.ly/96JSZl

[2010-02-17] - 01:06:32 - Google Buzz Persistent XSS http://bit.ly/bvVaIe

[2010-02-14] - 16:46:03 - @achillean how many records does shodan have? That's a useful thing to know when building stats. Maybe something for the homepage?

[2010-02-06] - 02:04:02 - RT @owasp_podcast: OWASP Podcast 60, an interview with @RSnake and @jeremiahg, is now live! (mp3) http://bit.ly/bTdQ4u

[2010-02-01] - 05:19:12 - Looks like my previous list made it into Nikto http://trac2.assembla.com/Nikto_2/ticket/119 w00t!

[2010-01-31] - 02:00:46 - @fmavituna it wasn't in the wild. Just a proof of concept. Samy also did an smpt ipe + there's another xss in imap3... all poc though.

[2010-01-30] - 03:58:40 - @egyp7 wish I did, most are just txt files. Some are 0day from our logs too.

[2010-01-27] - 01:22:54 - Fun lil JavaScript backdoor: http://bit.ly/bLrSnE

[2010-01-26] - 00:46:07 - @dakami Cloud = intranet in that case. It's up to the admin to define, by policy. ABE + MOM is close to the right answer.

[2010-01-26] - 00:46:07 - @jeremiahg I would, but there's no way that would fit in a twitter window. But you name some cloud providers and I have sensitive RFC1918.

[2010-01-14] - 20:20:48 - For those testing the great Chinese firewall use falun (short for falun gong). http://www.baidu.com/s?wd=falun

[2010-01-14] - 03:14:00 - @Google how is an attack against your cloud based wire-tap not an assault on cloud computing? http://bit.ly/7SabbN

[2010-01-14] - 03:14:00 - @MisterGlass uh... right, but they used that to attack the cloud... so... it's an attack against the cloud.

[2010-01-14] - 03:14:00 - @MisterGlass if the data is in the cloud and that's what they got... How is that not an attack against the cloud. You trolling me?

[2010-01-14] - 03:14:00 - @MisterGlass it's all connected. Political dissidents shouldn't trust the cloud because it can't protect from one dumb Googler with PDF.

[2010-01-07] - 18:05:32 - PCI compliance wasn't enough to stop Heartland: http://bit.ly/50Ejlz

[2010-01-07] - 07:22:06 - RT @samykamkar: NAT Pinning: I can penetrate your router/firewall and connect to you on any port. You just hit a URL. No XSS/CSRF. http: ...

[2009-12-06] - 22:06:48 - @randomdross - I did mention the proxy concept here as well as how upstream DNS providers could tackle it: http://threatpost.com/en_us/iKE

[2009-12-01] - 21:05:24 - Uploaded a DNS Rebinding video: http://ha.ckers.org/blog/20091201/dns-rebinding-video/

[2009-11-28] - 11:42:03 - Google Phishing Site: http://www.google-ac.com/accounts/signin.html

[2009-11-26] - 01:36:37 - A watched MD5 hash never cracks.

[2009-11-18] - 20:29:56 - Add spamming and scraping to the list of problems DNS Rebinding enables: http://bit.ly/1JCJ6D/

[2009-11-18] - 01:45:53 - @randomdross DNS Rebinding just keeps getting worse, doesn't it: http://bit.ly/4cxuKQ/

[2009-11-17] - 04:32:08 - @randomdross @mckt_ DNS Rebinding Session Fixation http://bit.ly/3hxTJN More to come.

[2009-11-17] - 04:32:08 - I covered quite a bit of DNS rebinding in the book. Same mitigatigations, different problems: http://bit.ly/3hxTJN

[2009-11-15] - 12:47:36 - @t3rmin4t0r RT @sambowne: My Defcon Talk with @rsnake is up in video http://tr.im/EYLV -- SlowLoris and SSLStrip demos

[2009-11-15] - 03:00:59 - @marcinw Their bank and their QSA. That's how PCI works and does hold water assuming they still respect OWASP top 10.

[2009-11-15] - 03:00:59 - @t3rmin4t0r yessir, that was my DefCon speech with Sam Bowne. My part was on Slowloris and the Iranian rebels.

[2009-11-15] - 03:00:59 - @djtechnocrat PCI is about protecting card data. Client side risks count. I do worry about removing info disclosure though, you're right.

[2009-11-15] - 03:00:59 - @djtechnocrat You'd have to ask the OWASP leadership, I guess. Good question.

[2009-11-15] - 03:00:59 - @djtechnocrat right which you need to use some social engineering to exploit. XSS or redirects sent in email, etc.

[2009-11-14] - 01:51:53 - Unvalidated redirects part of #OWASP top 10. Guess Google fails PCI once this gets ratified. No more feeling lucky. #AppSecDC

[2009-11-14] - 01:51:53 - @mayscript SQLi is a joke? That's a new one. Do you really believe that?

[2009-11-13] - 19:36:23 - Came up with some new ideas around DNS rebining yesterday while chatting with Dan Kaminsky. Boom.

[2009-11-13] - 19:36:23 - @mckt_ hah, no just typical DNS rebinding. A few more uses for it though. I'll write it up in the next few days.

[2009-11-13] - 05:49:37 - RT @rafallos Win a big prize in my talk today, stand up when I mention Monty Python

Suivants

---

S'abonner au fil RSS global de la revue Twitter

---

SecuToolBox :
Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :
sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre + de mots clés avec l'annuaire des articles publiés sur SecuObs

Mini-Tagwall de l'annuaire video :
curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :
security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :
security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter