I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications“. When browsing a target web application, a pentester is looking for all “entry†or “injection†points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a
I had an interesting discussion with a friend this morning. He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports. If some companies are motivated by good intentions and ask
As a pentester, I’m always trying to find new gadgetstools to improve my toolbox. A few weeks ago, I received my copy of Dr Philip Polstra’s book: “Hacking and Penetration Testing with Low Power Devices” (ISBN: 978-0-12-800751-8). I had a very interesting chat with Phil during the last BruCON edition
A few weeks ago I bought Georgia Weidman’s book about penetration testing: “A Hands-On Introduction to Hacking“. Being overloaded by many projects, I finally finished reading it and it’s now time to write a quick review. Georgia is an awesome person. There are not many recognized women in the information security
In a previous post, I spoke about the importance of the “context” during a pentest. In a recent project, I faced a situation similar to airplane crashes. Let me explain this… Despites the fact that the crash of an airplane results sometimes in a huge amount of deaths once, airplaines
Just before the announce of the Full-Disclosure shutdown a few days ago, a thread generated a lot of traffic and finally turned into a small flame war. In the beginning of the month, a security researcher reported a vulnerability found on Youtube. According to him, the Google service was suffering of
A quick post to share with you my feedback about an issue I faced after a SET (“Social Engineering Toolkit“) upgrade to the latest version (5.0.3). SET is a wonderful tool that you must master. Â I’m using SET on a EC2 instance because it does not interfere with my other
Finally, I found some time to write my review of another book: “BackTrack 5 Wireless Penetration Testing“. The book was written by Vivek Ramachadran. Good coincidence? Vivek was present during the last edition of BruCON and gave a workshop called “Wi-Fi malware for fun and profit“. Being quite busy during
If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a far away planet!). If you search for the word “backtrack” on Amazon, you will find lot of references but only one book is fully dedicated to
When talking about security, companies often focus on the “security perimeter“. Inside this perimeter, you have the “good” guys and all the rest is considered as the “wild” world, the Internet. Once you passed the access controls, you are free to walk and do what you want. Can you approve
