OWASP Podcast #27 – "Security Skeletor"

June 30, 2009

There is a great interview with Rafal Los aka “Security Skeletor“, on his blog at Preach Security.



Pentesting with Perl

June 29, 2009

I’m currently working on a new training course I’m planning to give in the near future. By the title of the blog posting, I’m sure you have guessed the title… That’s right, Pentesting with Perl

The object of the course is to cover many of the tasks that need to be performed during a penetration assessment.

  • IP/Hostnames reverse, resolve and extract information
  • Convert CIDRs to Ranges and Ranges to CIDRs
  • Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
  • Extracting links and email addresses from a website
  • Building a Port-scanner in 10 minutes or less
  • Union and intersection of two files
  • Building a sniffer to parse PDML (synergy decrypter)
  • Performing Phishing attacks with Metasploit (updated)
  • Modifying the shellcode of your favorite browser exploit (updated)

This course will help to streamline much of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone to automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that can not be tested through the use of automated tools!

Please let me know what you think. I look forward to your comments and suggestions.

Recommended Reading:

  • Programming Perl (ISBN-10: 0596000278, ISBN-13: 978-0596000271)

The requirements for the course are:

  • A basic understanding of Perl including scalars, arrays and hashes
  • A basic understanding of XML and Object Oriented programming
  • A good understanding of TCP/IP and other networking concepts
  • Familiarity with Nmap and other penetration testing tools

I’m structuring the course to be roughly 3 hours and to be available at Infosec World 2010.



MS09-002 Exploit via BeEF

June 27, 2009

Welcome to my new blog

June 25, 2009

I have decided to switch from simplephpblog to blogger. The blog will continue to be focused on Security, Perl, Open Source tools and a combination of all of the above. I will include information about presentations and papers, I’m working on. I hope you find this blog useful!

Please feel free to leave comments and/or suggestions.


Metasploit Adobe UtilPrintf Exploit

June 24, 2009

Firefox Keylogger

June 24, 2009

Metasploit XML Corruption Exploit

June 24, 2009


June 24, 2009

BeEF on BackTrack4

June 24, 2009

Java Applet with Meterpreter Payload

June 24, 2009