GNUCITIZEN

List of Blog Authors

the following list contains all of GNUCITIZEN's previous and current blog authors.

• pdp
• pagvac
• .mario
• David Kierznowski
• Ivana Kalay

Current Tag Cloud

the following list contains the current tag cloud.

tag clouds were introduced in Wordpress 2.3, therefore not all of our entries have been mapped yet.

All Past Entries

the following list contains all GNUCITIZEN's posts.

• CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept
• Hacking Linksys IP Cameras (pt 5)
• Breaking Into a Home With an iPhone
• Extensions at War
• Exploit Sweatshop
• Jeriko Group and Source Code Repository
• Hacking Linksys IP Cameras (pt 4)
• Hacking Linksys IP Cameras (pt 3)
• Hacking Linksys IP Cameras (pt 2)
• Hacking Linksys IP Cameras (pt 1)
• It is All About People Manipulation Skills
• Exploit Development Framework Design
• Even More XSS Worms
• Tools of Trade
• More Penetration Testing Goodness with Jeriko
• On Security Buzzwords
• Security Buzzword Generator
• No Frameworks but Environments
• CONFidence 2009 coming up soon!
• Codez Are Up
• Every Link You Click is Dangerous
• It is Persistence
• You Don’t Need the Ultimate Pen-testing Framework!
• New Version of dnsmap out!
• Trapping HTTP Requests and Responses with Python
• Python SSL Mitm Proxy and More
• Identity Theft Attacks
• Submit Your Top Web Hacking Techniques for 2008
• Twitter’s Security is so Poor
• Deep Inspection of Online Personas
• Information Security Literacy
• Messing with Web Filtering Gateways
• Happy New 2009
• Thoughts on the Certificate Authority Attack presented at CCC
• In 2008 Hackers Broke the Internet
• Hijacking Innocent Frames
• Firefox Malware
• Code Name V2
• The WebAcid Experiment
• The Agile Hacking Project
• Even More Advanced Clickjacking
• Gmail Security Flaw
• Bring Back the Attack to the API
• GNUCITIZEN in 2005
• 6000 Members on HoH
• Harder, Better, Faster, Stronger – The Malware
• We Need Better Web Tools
• The Cloud is not That Insecure
• Pwning Ubuntu via CUPS
• It works from the browser!
• Back from the cons!
• A Quick Note Regarding Securls and Secapps
• Facebook, Worms and RSS Feeds – Hacking The Web2.0 Way and Beyond
• Inside Netsecurify
• WP Blogsecurify 1.0
• Script Kiddies
• Landing Netsecurify
• We don’t need NASL – OpenVAS
• Frame Injection Fun
• Compliance
• Why Cloud Security Matters
• More Advanced Clickjacking – UI Redress Attacks
• The Return of the TCP Sockets
• Security Certifications
• Clickjacking and Flash
• You Will Do Well
• Landing Secapps
• HoH Sponsors
• Simple Universal Authentication System
• The Training Events are Up
• Social Media Security
• New technique to perform universal website hijacking
• Information Security Training
• Google Chrome Options
• Information Security Services
• Information Security Gigs
• Audio From Black Hat USA 2008
• Handlebars
• Improving Google Chrome
• The QuickTime Vulnerability Overview
• Details of the QuickTime Vulnerability
• My BH Las Vegas Slides
• Rethinking the Desktop Model
• Google Chrome
• Let’s fix the Web
• Bookmarklet of death: Domain hijacking without 0days
• Clouds and The Distorted Notion of Direct Control
• Changes
• Viva La Defcon!
• Targeted
• New Terminology
• More on GIFARS and Other Dangerous Attacks
• GIFARs and Other Issues
• My Black Hat Talk
• HoH 5001 Members and Growing
• Black Hat Las Vegas Baby
• Pareto Principle in the Informtion Security Industry
• Pwnie Award Nominee
• Professional Soldier
• The Way of Logic into Dan’s DNS Flaw
• What have we achieved so far?
• SecUrls Revamped
• OWI: Yet Another Anonymous Point of Attack?
• Save your passwords with Mozilla’s Weave
• Tiger Team Operations vs. Penetration Tests
• Security Companies are Boring
• More UPnP Hacking Fun with Google Media Server
• Landing Blogsecurify
• Google and Wildcard Domains
• OWASP Europe 2008 Ghent
• RISK 2008 Oslo
• The Receipt
• Fear
• Virtualizations
• Most Attractive Targets: SaaS
• The Intermixed Web
• Dumping the admin password of the BT Home Hub (pt 2)
• Dumping the admin password of the BT Home Hub
• Promo Videos
• Tomorrow’s Malware
• CONFidence 2008
• Ghost Busters
• Agile Hacking: A Homegrown Telnet-based Portscanner
• Browser, mount that folder, thank You!
• Conspiracy
• House of Hackers Possibilities
• The Public Perception of the Image of Hackers
• Landing House of Hackers
• With all the Web2.0 something bad will happen!
• Live Mesh – Good or Bad Idea?
• QuickTime 0day for Vista and XP
• HITB Dubai 2008
• Black Hat Europe 2008
• There is no spoon…
• Reverse Shell with Bash
• Default key algorithm in Thomson and BT Home Hub routers
• Content Injection: Hack the Hacker
• Hidden
• Kiosk Hacking: When there is nothing else left
• Reviewing Practical PHP Exploitation Techniques
• Darknets
• ZyXEL Gateways Vulnerability Research (Part 2)
• The Computer Misused Act
• PWN2OWN Rehashed
• What is Black PR
• Black Hat Europe 2008 Amsterdam
• OpenID provides a better security model
• Social Networks, Evil Twins and Puppet Masters
• The 10.000 Sites JS Malware Source Code Leaked
• The State of WiFi security
• Agile Hacking
• GNUCITIZEN on PaulDotCom
• Upcoming
• The Extreme, Web-based Google Hacking Tool
• Exploring the UNKNOWN: Scanning the Internet via SNMP!
• HITB Dubai 2008: we can’t wait!
• Holes in Embedded Devices: Authentication bypass (pt 4)
• Extreme Search Engine Hacking
• Cross-site File Upload Attacks
• WiFi Infestations – Viral Wardriving
• Social Networks Evil Twin Attacks
• Reconsidering the Side-jacking Attack
• 30mins Introductionary Presentation on Client-side Security
• Holes in Embedded Devices: Authentication bypass (pt 3)
• Holes in Embedded Devices: Authentication bypass (pt 2)
• Holes in Embedded Devices: Authentication bypass (pt 1)
• The Pownce Worm (Yet Another Potential AJAX Worm)
• Total surveillance made easy with VoIP phones
• WiFi Ownage
• JavaScript Global Namespace Pollution
• Holes in Embedded Devices: Desynchronized service acting as backdoor
• Router Hacking Challenge
• Hijacking OpenID enabled Accounts
• Hacking Video Surveillance Networks
• Holes in Embedded Devices: Binary state session management
• Holes in Embedded Devices: IP-based session management
• DHCP/mDNS Injection Issues
• R00Ting Public WiFi Networks: DHCP Name Poisoning Attacks
• Name (mDNS) Poisoning Attacks inside the LAN
• Call Jacking: Phreaking the BT Home Hub
• UPnP: The Saga Continues
• Vulnerabilities in Skype
• Flash UPnP Attack FAQ
• Hacking The Interwebs
• Steal His Wi-Fi
• BT Home Flub: Pwnin the BT Home Hub (5) – exploiting IGDs remotely via UPnP
• Hacking with UPnP (Universal Plug and Play)
• All your Metadata are belong to Us
• Google Hacking for Penetration Testers Second Edition
• A Must Read: Brief Testimony of Our Disclosure Experience
• Google.py
• The Orkut XSS Worm
• Security Common Sense
• Bulletproof Rich-content Filters
• General Purpose Fuzzer.py
• Unveiling shoulder skimming
• The Next Line of Defence: Web2.0! You must read this!
• Security and hacking scene in London
• Owning Outlook Web Access (OWA) users
• Flash Cookie Object Tracking
• System Hacking from the Browser (the Python Style)
• The value of automated Security Tests
• h4ck (hacked in 5 minutes)
• CoreAPI
• GEO Tracking Online Personas
• Step One: become an Insider
• What I have been playing/paying Lately
• GNUCITIZEN Wordpress Plugins
• Google Hacking Becomes More Important
• Airport Kiosks Security
• Network Communication API Editor’s Draft
• CSRF Demystified
• Persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
• Landing Hakiri
• OWASP USA 2007 AppSec Conference
• Strategic GeoIP Hacking and TV Streaming Theft
• Java JAR Attacks and Features
• Severe XSS in Google and Others due to the JAR protocol issues
• Tomorrow’s Trojan Peddlers
• BT Home Flub: Pwnin the BT Home Hub (4)
• Web Mayhem: Firefox’s JAR: Protocol issues
• ASX plus ClickOnce: Dangerous Combination
• Content-Disposition Hacking
• Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
• Dive into the Matrix of Reality!
• Snippets of defense Pt.IV
• Joe Walker on Web Application Security
• Mozilla Prism: not there yet!
• Hacking without 0days: Drive-by Java
• Web Client Fuzzer.py
• BT Home Flub: Pwnin the BT Home Hub (3)
• The Next Generation of Security Tools will run from The Browser
• Snippets of defense Pt.III
• GEO-tracking Mobile Phones
• BT Home Flub: Pwnin the BT Home Hub (2)
• Browser Rootkits
• Renaissance
• Clear
• Snippets of defense Pt.II
• Strategic Hacking: GEOIP
• 0day: Hacking secured CITRIX from outside
• Remote Desktop Command Fixation Attacks
• BT Home Flub: Pwnin the BT Home Hub
• Snippets of defense Pt.I
• Clever Hacking: google.js
• Hacking CITRIX – the forceful way
• CITRIX: Owning the Legitimate Backdoor
• Owning Big Brother: Hollywood-style Exploits Included!
• Google GMail E-mail Hijack Technique
• Google Urchin password theft madness
• 0day: PDF pwns Windows
• Backdooring Windows Media Files
• IE pwns SecondLife
• 0DAY: QuickTime pwns Firefox
• Rain of -MINUS Transactions
• How to make money with XSS
• OWASP Day 2007
• For my next trick… hacking Web2.0
• Searching For Evil
• I don’t think that you understand! – Firefox3 Vulnerable by Design
• PKI Book
• For my next trick… hacking Web2.0 Introduction
• Mindmap: Web2.0 hacking
• OpenID – A Security Story
• Identity 2.0 Security
• Hamster plus Hotspot equals Web 2.0 meltdown NOT
• Yahoo Pipes becomes Mage Powerful
• Mindmap: What is Web2.0?
• Facebook Homepage Source Code Probably Leaked
• On Browser Security Restrictions
• What is Web 3.0?
• Quality
• Web2.0 is not AJAX
• Constructive Chaos
• Innovation at Google
• Automated Web Foo or Fud!
• The Month of Hacker Folklore
• Introducing Technika Security Framework (TSF)
• Congratulation! You’ve been nominated for a Pwnie Award.
• Friendly AJAX XSS Worm for Wordpress
• August: The Month of Hacker Folklore
• Web Trend Map 2007 Version 2.0
• Intel Video Ad on Security, directed by Christopher Guest
• Full Disclosure?
• U R Insecure – how URI exploits are changing the webappsec landscape
• Interview with XS-Snipers
• The huge cloud lens bubble map web2.0
• Attack of the URL Vulnerabilities
• Web2.0 Poster
• Firefox could also be used as the entry point
• BID 24856 – Flash Player SWF Vulnerability
• Exploiting the iPhone
• Hackers
• Snoop onto Them as they Snoop onto us
• jQuery JSON
• GNUCITIZEN Updates
• 5 Generic Yahoo Pipes Hackers Cannot live Without
• JavaScript XSS Scanner
• Yahoo Site Explorer Spider
• Projections
• The new dawn of filter evasion
• Micro Blogging @ GNUCITIZEN
• Security Tool Controversy
• Hacking Like in The Movies – The Web2.0 Style
• Happy Little Hacker2.0
• XSSDB Elite
• Web2.0HDB
• OWASP/GNUCITIZEN Fusion Project
• Attacking Password Recovery Facilities
• Co-authoring Google Hacking for Penetration Testers, Volume 2
• The Top 5 most Popular Web2.0 Services Hackers Cannot live Without
• Ad-Jacking – XSSing for Fun and Profit
• Landing Securls.com
• Gadgets
• Future of Web2.0
• Open Source Documentary on Net Neutrality
• Mashups with the Google Mashup Editor
• One Drop on A Spider Web
• XSS Worms and Mitigation Controls
• About the power of Google
• XSS Attacks – Cross Site Scripting Exploits and Defence
• A Brief History of MySpace
• Does what happens in the Facebook stay in the Facebook?
• MPack – The Movie
• The Generic XSS Worm
• Client-side Security
• Client-side SQL Injection Attacks
• The Next Super Worm
• GHDB
• The Web has Betrayed Us
• 6th OWASP Conference
• Zero Degrees of Seperation
• Do We Really Need a Security Industry?
• 2057 – The City
• Social Networks Mayhem
• Changes in the British Computer Misuse Act
• jQuery Include
• XSS Attacks Book Preview
• TinyURL FS among Other Things
• Google AJAX Feed API Dangers
• Persistent CSRF and The Hotlink Hell
• Why HttpOnly won’t protect you
• Application Layer Anti-virus/Firewall
• Firebug Goes Evil
• Username Enumeration Vulnerabilities
• Big Fish
• Preventing CSRF
• Still Here
• ZombieMap
• Adobe Apollo Alpha1
• Sex, Candies and Bookmarklet Exploits
• VBScript to Rule IE
• Load AttackAPI Bookmarklet
• Firetest
• OWASP
• How I almost GOT Hacked
• PDF and History Hacks
• Noscript HScan
• PDF Strikes Back
• Morning Coffee with pdp: Hacking IE
• IE Local Open Hack
• HScan Redux
• Firefox Offline
• Vista Speech Recognition
• Author of the XSS Book
• Browser Focus RIP
• Plain Old Webserver
• The Machine is Us/ing Us
• Playing in Large
• Just Like Magic
• The Shadow
• Technika (Browser Automation Extension for Firefox)
• JavaScript Remoting Dangers
• Project Digest 200701
• TStore.js
• AJAX Worm Database
• What happens to Your Computer if you Mispell Google.com
• Atom Database
• CSRF-ing “Blogger Classic”
• Greasecarnaval
• Google Search Results Poisoning
• How to write AJAX Worms – theoretical point of view
• XSS Prelude
• Universal PDF XSS After Party
• DANGER, DANGER, DANGER
• The year of 2007
• Secure Code Through Frameworks
• Carnaval
• Outsourced
• Backdooring Images
• Backframe 2.x Sneak Preview
• Util
• Web OS
• MySpace QuickTime Worm Follow-up
• Introducing GNUCITIZEN Topics
• Cross-site Request Forgery
• The state of JavaScript Hacking
• Ultra Bot
• Intelligent Hacking
• Sploiter Splog
• The Attack of the TINY URLs
• Web Pages from Hell 2
• New Nova
• GNUCITIZEN Development Network
• Project Digest 200611
• Automated XSS Detection
• The 0XSS Credo
• XSS Shell and Something More
• Introducing Backweb
• Backframe
• A bag full of tricks
• AttackAPI 0.8 is OUT
• Resurrecting Zombies
• Traversing the Web
• Maluc on JavaScript Worms
• Thoughts on JSPing
• Javascript Spider
• Google Search API Worms 3
• Google Search API Worms 2
• Persistent Bi-directional Communication Channels
• JavaScript Attack Channel
• Introducing XSSDB
• XSSDB
• Self-contained XSS Attacks
• Backdooring MP3 Files
• Google Search API Worms
• Web Pages from Hell
• Cross Context Scripting with Sage
• Backdooring QuickTime Movies
• Backdooring Flash Objects (the receipt)
• Backdooring Flash Objects (the walkthrough)
• JavaScript Shell
• Backdooring Web Pages
• AFLAX and something more
• AttackAPI
• Security vs. Accessibility
• Fex – enables Firefox Extension Scanner
• Introducing Carnaval
• Cross Context Scripting
• JavaScript Authorization Forcer
• JavaScript Visited Link Scanner
• JavaScript Address Info
• XSSing the Lan 4
• XSSing the Lan 3
• XSSing the Lan 2
• XSSing the Lan
• JavaScript Port Scanner
• TStore.py
• WSDL Digest 200606
• RDF is Fun
• Jython Shell
• Idea Workout
• Infocrobing
• WS Discovery
• Introduction To Intrusion Detection Systems
• Windows Defence and Attacks
• Infocrobes
• Exegesis of Virtual Hosts Hacking
• Massive Enumeration Toolset
• GNUCITIZEN Redesign

Files

the following list contains all GNUCITIZEN's files.

• phpmyadminrcesh
• wvc54gca_fw_100r24_ls_ltr
• servicelogin
• Screenshot eth1 Capturing Wireshark 1
• Video User Accounts
• Admin Password Extraction 2
• Admin Password Extraction 1
• setupwizardexe Mem Dump 2
• Wizard Cam Discovery
• Snom Screen4
• Snom Screen3
• Snom Screen2
• Snom screen1
• Snom HTM
• Quicktime 0day Movie WMV
• PHP Code Analysis – Real World Examples
• Theft of Win FF Cookies HTP
• IE7 Local Context JS Warning JPG
• confidence_thumbnail
• confidence
• dnsmap-0.22.2.tar
• dwk-owasp-day-september-2007
• pdp-owasp-day-september-2007 PDF
• web20hacking PDF
• gc-wordpress-ips-01
• gc-ssl-normalizer-01
• gc-services-01
• gc-nicer-01
• gc-google-analytics-01
• gc-custom-templates-01
• gc-custom-categories-01
• gc-content-tags-01
• gc-app-gateway-01
• SendToTest MXML
• flash-upnp-screen
• SendToGoogleTest MXML
• Test MXML
• dhcpmangle-perl TXT
• Pownce Screen02
• Pownce Screen01
• 436_xss_toc PDF
• 436_xss_05 PDF
• RISK2008 Oslo Slides
• Httpservers PY
• Search Results Poisoning Screen JPG
• Google Feed AJAX API POC
• Facebook Source Search PHPS
• Facebook Source Home PHPS
• SNMP Results CSV
• Noscript HScan PHP TXT
• jQuery Include JS
• HScan Redux POC
• Google PY
• General Purpose Fuzzer PY
• Web Client Fuzzer
• Hacking Zyxel Gateways Part2
• Greasecarnaval User JS
• FlashCookieManager AS
• Firebug Payload PC
• Firebug Payload JS
• Firebug POC2 HTM
• Firebug POC HTM
• Firebug Splash JPG
• GGEHT Exploit HTM
• GGEHT Seq3
• GGEHT Seq2
• GGEHT Seq1
• PDP Blackhat USA2008 Part2
• PDP Blackhat USA2008 Part1
• Sage Feed POC
• Cracking into Embedded Devices CONFidence 2K8
• Client-side Security Slides CONFidence2008
• Google JS
• Call-jacking POC HTM
• Call-jacking Stewie GIF
• Payload XSS
• BT Home Flub Movie WMV
• PDP GNUCITIZEN ZIP
• Client-side Security Slides BH PDF
• Client-side Security – One Year Later PDF
• Backframe 2 Preview SWF
• BWMF POC04 ASX
• BWMF POC03 ASX
• BWMF POC02 ASX
• BWMF POC01 ASX
• BWMF CONSOLE ASX
• BWMF POC04 HTM
• BWMF POC03 HTM
• BWMF POC02 HTM
• BWMF POC01 HTM
• Clickonce POC ASX
• Clickonce POC HTM
• Homegrown Telnet Portscanner
• Advanced Web Hacking PPT
• Tinyfs INIT JS
• Tinyfs JS
• Tinyfs
• 6th OWASP Spider INIT JS
• 6th OWASP Spider JS
• 6th OWASP Spider
• The Corruptibles SWF
• WP Blogsecurify 1.0
• Stealing Server PY
• Server PY
• Register PY
• GEOIP Digest 2007-10-12
• Create DB SH
• Country 2 IP PPT
• mDNS PY
• Flash Redress 02
• Flash Redress 01
• Clickjacking POCs 02
• Clickjacking POCs 01
• Frame Injection Fun POC
• Idea Workout Screenshot
• Scanner HTM
• Scanner INIT JS
• Scanner SPIDER JS
• Scanner JS
• Spider HTM
• Spider INIT JS
• Spider JS
• Hacking CITRIX Screen01
• ENUM JS
• ENUM PL
• Hacking CITRIX 01
• Hacking CITRIX 02
• CONNECT JS
• BFORCE JS
• jQuery JSON JS
• QT POC 05 AVI
• QT POC 04 MOV
• QT POC 03 MPEG
• QT POC 02 Shutdown DONT CLICK MP3
• QT POC 01 MP3
• 300 Movie Trailer
• PDF pwns Windows Video WMV
• PDF pwns Windows Video DIVX
• PDP Client-side Security CSS
• PDP Client-side Security PDF
• mimesweeper_bypass_1
• mimesweeper_bypass_4
• mimesweeper_bypass_3
• mimesweeper_bypass_2
• Spider HTM
• Ggoogle Dark
• Google Small
• Channel PHP TXT
• 50ft Woman
• Fex SH
• Carnaval
• Aflax
• Greasemonkey
• Shell JS
• The Flash
• Death Flash
• Sample Backdoored MOV
• Hreftrack
• Sample TXT MOV
• Backdoor TXT MOV
• Sample MOV
• Kodo iPod
• Sage
• Google GRID
• about:blank MP3
• Jamesbond Overdrive Backdoored MP3
• Jamesbond Overdrive MP3
• Backdoored MP3
• Addressinfo JS
• Visitedlinkscanner JS
• Authorizationforcer JS
• Killer Tomatoes
• JS Portscanner
• WSDL Digest 200606
• RDF Diagram
• Windows Defence and Attacks
• Introduction to Intrusion Detection Systems
• exegesis-of-virtual-hosts-hacking
• Exegesis of Virtual Hosts Hacking Logo
• Massive Enumeration Toolset Logo