
Posts

AppSec California 2014

Recent posts

Behind the scene of DTS-Enterprise

As you have seen in all of my tutorials, I use virtualization technology, as shown in the screenshot below, and I use rdesktop to connect to the Windows machine from a Linux box. The Windows machine has the following software installed: anti-virus and VMware. As you can see in the screenshot below, it looks as if I had installed a dedicated Linux server onto the machine.

[ Preventing XSS attacks ]

The video illustrates three versions of an XSS attack: a high-level view, a detailed one using the script tag, and a detailed one with no script tag, and then recommends resources for further learning. Cross-site scripting holes are web-application vulnerabilities which allow attackers to bypass the client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-Site Scripting (XSS) attacks occur when: data enters a web application through an untrusted source, most frequently a web request; and the data is included in dynamic content that is sent to a web user without being validated for malicious code. The malicious content sent to the web browser often takes the form of a segment of JavaScrip

Great tutorials on practicing security

[ Hack This Site ] is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, it's a living, breathing community with many active projects in development, a vast selection of hacking articles, and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project. The site offers the following missions: basic, realistic, application, programming, extbasic, JavaScript, stego and IRC missions. http://www.hackthissite.org/ Pros: a safe way to practice your knowledge. Cons: you must be online to use it, and you must create a user account. -------------------------------------------------------------------------------------- [ OWASP ] The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organizati

[ Quick Tip ] Linux Scripting

Ever wanted to gather the user accounts on a Linux system? It's no problem if you know bash scripting. In the terminal or Konsole, type " awk 'BEGIN { FS=":" } { print "User Account: " $1 "\n" "Home Directory: " $6 "\n" }' /etc/passwd " as seen below. If you like what you see, you can visit http://tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html . This site is great for users who want to learn about bash scripting.

Stealing cookies with cross site scripting

Episode 11 - Stealing cookies with cross site scripting. This video will show you how users' cookies are stolen by using a cookie stealer to exploit an XSS (cross-site scripting) vulnerability. If you want to see more videos, visit http://www.iexploit.org/ and click on Videos. And yes, there is still an IRC channel for people who want to chat the old-fashioned way; there's no need to download any IRC software because the web site has a built-in IRC client.

Google trick

The Google search engine can do more than search for information: it has some built-in webmaster tools, and I will be using dannytechsecurity.blogspot.com & dtsenterprise.tech.officelive.com to demonstrate them. On the search engine, type " site:.dannytechsecurity.blogspot.com " as seen in the picture below. What this does is bring up the pages of this site, a.k.a. the site domain. Now let's add some information to the query, but this time we will switch to another site which I operate. Type " site:.dtsenterprise.tech.officelive.com filetype:pdf ". This does not just search the site; now I am looking for something in particular, namely my PDFs. /** BONUS **/ From TechTV's " The Screen Savers ": Woody Hughes, editor of Maximum Linux magazine, drops by to show some really useful Linux commands every Linux newbie should know. If you want to see more of their vide