woFF

coming back online… soon

July 29th, 2013

Ummm… long story short: after these 3 years the blog will be back online soon ;)

A few things to highlight from the “missing past”:

  • 2010 – 2012 it sec consulting, internal / external, app / infrastructure level, all kinds of pentesting & hacking all around Europe… lots of “war stories” which I will not share
  • 2012 – Cyberlympics – 3rd place as member of gula.sh (red team automation was fun)
  • 2013 – new job, new challenges and new stories which I plan to share :)

XSS? – javascript location object encoding in various browsers

June 8th, 2010

I thought it would be great to quickly share some interesting things I noticed about the way different browsers handle the JavaScript location object, but first a few words about the object’s properties and what they contain:

  • hash – everything after the # (anchor) in the URL
  • host – the hostname and port
  • hostname – the hostname
  • href – the full URL
  • pathname – path to the requested file
  • port, protocol – I think these speak for themselves
  • search – the query string (~GET parameters)
  • target – the url link’s target name

What is so interesting about these properties? Well, it seems that the different browsers handle the values in them differently, and if they are written back to the HTML with JavaScript (for example with document.write) they can easily lead to cross-site scripting. Here is a summary of the properties I found “interesting” (not encoded by the browser):

                  | IE 8        | Firefox 3.6.3 | Chrome 4.1.249.1064                         | Opera 10.53
  location.hash   | not encoded | not encoded   | not encoded                                 | not encoded
  location.href   | not encoded | encoded       | not encoded (the hash in it is not encoded) | not encoded (the hash in it is not encoded)
  location.search | not encoded | encoded       | encoded                                     | encoded
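The sink the table is about, shown as an added example that is not code from the original post: the document.write-style pattern that copies location.hash straight into markup, the variant that decodes first (which undoes whatever encoding a browser such as Firefox applied), and a version that escapes right before the HTML sink. The `location` stand-in, sample hashes and helper names are constructed for the example so it runs in node; in a page you would pass the real `location`.

```javascript
// Added example, not code from the original post. Runs in node with a
// constructed stand-in for window.location; in a page, pass `location`.

// Constructed samples: the same hash as a browser that leaves it unencoded
// exposes it, and as a browser that percent-encodes it exposes it.
const rawHash = '#<script>alert(1)</script>';
const encodedHash = '#%3Cscript%3Ealert(1)%3C%2Fscript%3E';

// Escape the characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// decodeURIComponent throws on malformed input (e.g. a lone '%E0');
// fall back to the raw value instead of crashing the page.
function safeDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return value;
  }
}

// Vulnerable pattern from the post: the property goes straight into markup.
// Only safe on a browser that happens to encode the property.
function renderUnsafe(loc) {
  return '<p>Section: ' + loc.hash + '</p>';
}

// Still vulnerable on every browser: decoding first undoes the encoding.
function renderDecodedUnsafe(loc) {
  return '<p>Section: ' + safeDecode(loc.hash) + '</p>';
}

// Safe regardless of browser: escape immediately before the HTML sink.
function renderSafe(loc) {
  return '<p>Section: ' + escapeHtml(safeDecode(loc.hash)) + '</p>';
}

// Detection helper: did a script tag survive into the rendered markup?
function hasScriptTag(markup) {
  return /<script\b/i.test(markup);
}
```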


SSH2 “MITM” like attack with JMITM2

May 27th, 2010

First: the following attack is not a real (at least not a perfect) man-in-the-middle attack, since the target will get a warning about the changed SSH server host key fingerprint and the attacker needs to “hijack” the communication between the target and the SSH server (ARP cache poisoning, for example…), but I think the tool deserves a note (all the credit for the software goes to David Gümbel).


HSIYF Hacking Tournament #1

May 18th, 2010

Background

Not so long ago it turned out that Vadium (congratulations!) and I got a “shared” first place in “How Strong Is Your FU Hacking Tournament #1”, so I decided to archive my feelings, findings and the penetration test here.


Hello World!

May 18th, 2010

After due deliberation (and getting a shared first place in the HSIYF Hacking Tournament #1 – see the next post) I decided to start this site to have a place where I can share my ideas, developments and achievements in the IT security field with the public. Anything shared on this site is released by me and there isn’t any connection or liability that belongs to my current or any previous employer.