June 17, 2013
CA SiteMinder is a secure Single Sign-On (SSO) and Web access management product that is used to authenticate users and control access to web applications and portals. Your company may be considering purchasing SiteMinder or a similar product, or may …
June 13, 2013
As penetration testers, we are frequently engaged to do penetration tests for PCI compliance. As a part of these penetration tests, we look for cardholder data (Card Numbers, CVV, etc.) in files, network traffic, databases, and anywhere else we might …
June 4, 2013
In the first blog of this series, we showed you how to set up the hardware for your own GPU cracking box. In the second blog of this series, we showed you how to set up the OS, drivers, and …
May 22, 2013
The goal of this blog is to provide a simple process for testing common breakout scenarios related to applications published via Kiosks, Terminal Services, and Citirx using manual techniques and free tool kits. This should be useful to penetration testers and system administrators alike.
May 16, 2013
The process of patching a Java executable (.jar files) without the original source code has been known for a while. As I know of, currently there are two ways of doing it: Decompile the executable > Import …
April 22, 2013
File upload vulnerabilities and web shells are not a novelty when talking about web application security. It’s not rare to see a web shell result in a full compromise of the web server. For example, Metasploit can generate uploadable web …
April 15, 2013
Last week Karl Fosaaen described the various trials and tribulations we went through at a hardware level in building a dedicated GPU cracking server. This week I will be doing a complete walkthrough for installing all the software that we use on our box. This includes installing the operating system , AMD drivers, oclHashcat-plus, and John the Ripper with OpenCL support.