Posts Tagged ‘pentest’
Just how easy is it to ‘BeEF’? December 5th, 2012With the recent WordPress theme design work I’ve been doing, it got me wondering as to how easy it would be for a rogue website admin to use BeEF for inappropriate purposes… To find out I decided to test it myself.
Tips for assessing Citrix published applications April 16th, 2012Over the years as both a Citrix engineer and an Infosec professional I have had to harden or assess a large number of published Citrix applications. Whilst I obviously cannot go into the specifics of bespoke applications etc, I wanted to try and provide some tips on how to breakout of a bespoke published application. [...]
XSS – some examples… January 27th, 2011Those of us who interact with or manage the results from penetration testing teams all (hopefully!) understand the ramifications when a XSS vulnerability is found. We may even all understand the differences between a reflected XSS vulnerability and a persistent XSS vulnerability. What about those higher up the food chain? Do those who interact with [...]
Armitage aka making metasploit even easier… January 20th, 2011Armitage is an application written by Raphael Mudge which provides a graphical front end to Metasploit. The beauty of Armitage is it allows you to scan targets, whilst automatically recommending appropriate exploits and makes the execution of said attacks exceptionally easy, all via a nice gui. The application is aimed at Security Professionals who whilst [...]
Left the back door unlocked? January 14th, 2011Business X is a company that takes Infosec seriously. They’ve deployed their hardened web application and database servers over multi tiered DMZ’s, restricting the addresses and ports as required. The servers themselves have the latest patches installed, minimal services enabled, minimal accounts with complex passwords. In addition they’ve deployed IPS at the entry points into [...]