There is a great interview with Rafal Los aka “Security Skeletor“, on his blog at Preach Security.
Enjoy!
Regards,
Jabra
OWASP Podcast #27 – "Security Skeletor"
June 30, 2009
Leave a Comment » | 
WebApp | 
Permalink
Posted by Jabra
Pentesting with Perl
June 29, 2009I’m currently working on a new training course I’m planning to give in the near future. By the title of the blog posting, I’m sure you have guessed the title… That’s right, Pentesting with Perl
The object of the course is to cover many of the tasks that need to be performed during a penetration assessment.
- IP/Hostnames reverse, resolve and extract information
- Convert CIDRs to Ranges and Ranges to CIDRs
- Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
- Extracting links and email addresses from a website
- Building a Port-scanner in 10 minutes or less
- Union and intersection of two files
- Building a sniffer to parse PDML (synergy decrypter)
- Performing Phishing attacks with Metasploit (updated)
- Modifying the shellcode of your favorite browser exploit (updated)
This course will help to streamline much of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone to automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that can not be tested through the use of automated tools!
Please let me know what you think. I look forward to your comments and suggestions.
Recommended Reading:
- Programming Perl (ISBN-10: 0596000278, ISBN-13: 978-0596000271)
The requirements for the course are:
- A basic understanding of Perl including scalars, arrays and hashes
- A basic understanding of XML and Object Oriented programming
- A good understanding of TCP/IP and other networking concepts
- Familiarity with Nmap and other penetration testing tools
I’m structuring the course to be roughly 3 hours and to be available at Infosec World 2010.
Regards,
Jabra
9 Comments | Perl, Training | Permalink
Posted by Jabra
MS09-002 Exploit via BeEF
June 27, 2009
Leave a Comment » | Demos, Talks, WebApp | Permalink
Posted by Jabra
Welcome to my new blog
June 25, 2009I have decided to switch from simplephpblog to blogger. The blog will continue to be focused on Security, Perl, Open Source tools and a combination of all of the above. I will include information about presentations and papers, I’m working on. I hope you find this blog useful!
Please feel free to leave comments and/or suggestions.
Regards,
Jabra
Leave a Comment » | General | Permalink
Posted by Jabra
Metasploit Adobe UtilPrintf Exploit
June 24, 2009
Leave a Comment » | Demos, Talks | Permalink
Posted by Jabra
Metasploit XML Corruption Exploit
June 24, 2009
Leave a Comment » | Demos, Talks | Permalink
Posted by Jabra
Java Applet with Meterpreter Payload
June 24, 2009
2 Comments | Demos, Talks | Permalink
Posted by Jabra
Joshua "Jabra" Abraham 