List of Blog Authors
the following list contains all of GNUCITIZEN's previous and current blog authors.
Current Tag Cloud
the following list contains the current tag cloud.
0day
AJAX
announcement
authentication
Black Hat
book
bypass
camera
conference
cross-site scripting
csrf
embedded
embedded devices
enumeration
event
exploit
firefox
gnucitizen
google
hack
hitb
java
javascript
linksys
owasp
philosophy
presentation
presentations
project
python
QuickTime
rant
router
scanner
scanning
secure
security
slides
tool
UPnP
video
vulnerability
web
web2.0
xss
All Past Entries
the following list contains all GNUCITIZEN's posts.
- Landing Proxify
- Fuzzing XML and JSON Pt.1
- You and Your Research
- Well Websecurify Runs on The iPhone
- Stuxnet
- Having fun with BeEF, the browser exploitation framework
- ColdFusion directory traversal FAQ (CVE-2010-2861)
- 1ST European Edition of HITB Coming Up!
- Hacking Linksys IP Cameras (pt 6)
- Dnsmap v0.30 is now out!
- Old-school Remote Command Exec Vulnerabilities on Avaya Intuity
- Skydive
- Free Web Application Security Testing Tool
- Of Sec Cons and Magstripe Gift Cards
- CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept
- Hacking Linksys IP Cameras (pt 5)
- Breaking Into a Home With an iPhone
- Extensions at War
- Exploit Sweatshop
- Jeriko Group and Source Code Repository
- Hacking Linksys IP Cameras (pt 4)
- Hacking Linksys IP Cameras (pt 3)
- Hacking Linksys IP Cameras (pt 2)
- Hacking Linksys IP Cameras (pt 1)
- Exploit Development Framework Design
- Even More XSS Worms
- Tools of Trade
- More Penetration Testing Goodness with Jeriko
- On Security Buzzwords
- Security Buzzword Generator
- CONFidence 2009 coming up soon!
- Codez Are Up
- It is Persistence
- You Don’t Need the Ultimate Pen-testing Framework!
- New Version of dnsmap out!
- Trapping HTTP Requests and Responses with Python
- Python SSL Mitm Proxy and More
- Identity Theft Attacks
- Submit Your Top Web Hacking Techniques for 2008
- Twitter’s Security is so Poor
- Deep Inspection of Online Personas
- Messing with Web Filtering Gateways
- Happy New 2009
- Thoughts on the Certificate Authority Attack presented at CCC
- Hijacking Innocent Frames
- Firefox Malware
- The Agile Hacking Project
- Even More Advanced Clickjacking
- Gmail Security Flaw
- Bring Back the Attack to the API
- GNUCITIZEN in 2005
- 6000 Members on HoH
- Harder, Better, Faster, Stronger – The Malware
- We Need Better Web Tools
- The Cloud is not That Insecure
- Back from the cons!
- Facebook, Worms and RSS Feeds – Hacking The Web2.0 Way and Beyond
- WP Blogsecurify
- Script Kiddies
- Frame Injection Fun
- Compliance
- More Advanced Clickjacking – UI Redress Attacks
- Security Certifications
- Landing Secapps
- Simple Universal Authentication System
- Social Media Security
- New technique to perform universal website hijacking
- Audio From Black Hat USA 2008
- The QuickTime Vulnerability Overview
- Details of the QuickTime Vulnerability
- My BH Las Vegas Slides
- Rethinking the Desktop Model
- Google Chrome
- Let’s fix the Web
- Clouds and The Distorted Notion of Direct Control
- Viva La Defcon!
- Targeted
- More on GIFARS and Other Dangerous Attacks
- GIFARs and Other Issues
- My Black Hat Talk
- HoH 5001 Members and Growing
- Black Hat Las Vegas Baby
- Pareto Principle in the Informtion Security Industry
- Pwnie Award Nominee
- Professional Soldier
- The Way of Logic into Dan’s DNS Flaw
- OWI: Yet Another Anonymous Point of Attack?
- Landing Blogsecurify
- Google and Wildcard Domains
- OWASP Europe 2008 Ghent
- RISK 2008 Oslo
- Fear
- Virtualizations
- Most Attractive Targets: SaaS
- Dumping the admin password of the BT Home Hub (pt 2)
- Dumping the admin password of the BT Home Hub
- Promo Videos
- Tomorrow’s Malware
- CONFidence 2008
- Ghost Busters
- Agile Hacking: A Homegrown Telnet-based Portscanner
- Conspiracy
- The Public Perception of the Image of Hackers
- QuickTime 0day for Vista and XP
- HITB Dubai 2008
- Black Hat Europe 2008
- There is no spoon…
- Reverse Shell with Bash
- Default key algorithm in Thomson and BT Home Hub routers
- Content Injection: Hack the Hacker
- Hidden
- Kiosk Hacking: When there is nothing else left
- Reviewing Practical PHP Exploitation Techniques
- Darknets
- ZyXEL Gateways Vulnerability Research (Part 2)
- The Computer Misused Act
- What is Black PR
- Black Hat Europe 2008 Amsterdam
- OpenID provides a better security model
- The 10.000 Sites JS Malware Source Code Leaked
- The State of WiFi security
- Agile Hacking
- GNUCITIZEN on PaulDotCom
- Exploring the UNKNOWN: Scanning the Internet via SNMP!
- HITB Dubai 2008: we can’t wait!
- Holes in Embedded Devices: Authentication bypass (pt 4)
- Extreme Search Engine Hacking
- Cross-site File Upload Attacks
- WiFi Infestations – Viral Wardriving
- Social Networks Evil Twin Attacks
- Reconsidering the Side-jacking Attack
- 30mins Introductionary Presentation on Client-side Security
- Holes in Embedded Devices: Authentication bypass (pt 3)
- Holes in Embedded Devices: Authentication bypass (pt 2)
- Holes in Embedded Devices: Authentication bypass (pt 1)
- The Pownce Worm (Yet Another Potential AJAX Worm)
- Total surveillance made easy with VoIP phones
- WiFi Ownage
- JavaScript Global Namespace Pollution
- Holes in Embedded Devices: Desynchronized service acting as backdoor
- Router Hacking Challenge
- Hijacking OpenID enabled Accounts
- Hacking Video Surveillance Networks
- Holes in Embedded Devices: Binary state session management
- Holes in Embedded Devices: IP-based session management
- DHCP/mDNS Injection Issues
- R00Ting Public WiFi Networks: DHCP Name Poisoning Attacks
- Name (mDNS) Poisoning Attacks inside the LAN
- Call Jacking: Phreaking the BT Home Hub
- UPnP: The Saga Continues
- Vulnerabilities in Skype
- Flash UPnP Attack FAQ
- Hacking The Interwebs
- Steal His Wi-Fi
- BT Home Flub: Pwnin the BT Home Hub (5) – exploiting IGDs remotely via UPnP
- Hacking with UPnP (Universal Plug and Play)
- All your Metadata are belong to Us
- Google Hacking for Penetration Testers Second Edition
- A Must Read: Brief Testimony of Our Disclosure Experience
- Google.py
- The Orkut XSS Worm
- Security Common Sense
- Bulletproof Rich-content Filters
- General Purpose Fuzzer.py
- Unveiling shoulder skimming
- Security and hacking scene in London
- Owning Outlook Web Access (OWA) users
- Flash Cookie Object Tracking
- System Hacking from the Browser (the Python Style)
- The value of automated Security Tests
- GEO Tracking Online Personas
- Step One: become an Insider
- Airport Kiosks Security
- Network Communication API Editor’s Draft
- CSRF Demystified
- Persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
- OWASP USA 2007 AppSec Conference
- Strategic GeoIP Hacking and TV Streaming Theft
- Java JAR Attacks and Features
- Severe XSS in Google and Others due to the JAR protocol issues
- Tomorrow’s Trojan Peddlers
- BT Home Flub: Pwnin the BT Home Hub (4)
- Web Mayhem: Firefox’s JAR: Protocol issues
- ASX plus ClickOnce: Dangerous Combination
- Content-Disposition Hacking
- Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
- Snippets of defense Pt.IV
- Joe Walker on Web Application Security
- Mozilla Prism: not there yet!
- Hacking without 0days: Drive-by Java
- Web Client Fuzzer.py
- BT Home Flub: Pwnin the BT Home Hub (3)
- Snippets of defense Pt.III
- GEO-tracking Mobile Phones
- BT Home Flub: Pwnin the BT Home Hub (2)
- Browser Rootkits
- Clear
- Snippets of defense Pt.II
- Strategic Hacking: GEOIP
- 0day: Hacking secured CITRIX from outside
- Remote Desktop Command Fixation Attacks
- BT Home Flub: Pwnin the BT Home Hub
- Snippets of defense Pt.I
- Google.js
- Hacking CITRIX – the forceful way
- CITRIX: Owning the Legitimate Backdoor
- Owning Big Brother: Hollywood-style Exploits Included!
- Google GMail E-mail Hijack Technique
- Google Urchin password theft madness
- 0day: PDF pwns Windows
- Backdooring Windows Media Files
- IE pwns SecondLife
- 0DAY: QuickTime pwns Firefox
- Rain of -MINUS Transactions
- How to make money with XSS
- OWASP Day 2007
- For my next trick… hacking Web2.0
- Searching For Evil
- I don’t think that you understand! – Firefox3 Vulnerable by Design
- OpenID – A Security Story
- Identity 2.0 Security
- Hamster plus Hotspot equals Web 2.0 meltdown NOT
- Facebook Homepage Source Code Probably Leaked
- On Browser Security Restrictions
- Web2.0 is not AJAX
- Constructive Chaos
- Automated Web Foo or Fud!
- Introducing Technika Security Framework
- Congratulation! You’ve been nominated for a Pwnie Award.
- Friendly AJAX XSS Worm for WordPress
- Full Disclosure?
- U R Insecure – how URI exploits are changing the webappsec landscape
- Interview with XS-Snipers
- Attack of the URL Vulnerabilities
- Firefox could also be used as the entry point
- BID 24856 – Flash Player SWF Vulnerability
- Exploiting the iPhone
- Snoop onto Them as they Snoop onto us
- JavaScript XSS Scanner
- Yahoo Site Explorer Spider
- The new dawn of filter evasion
- Security Tool Controversy
- Attacking Password Recovery Facilities
- Co-authoring Google Hacking for Penetration Testers, Volume 2
- Ad-Jacking – XSSing for Fun and Profit
- Landing Securls.com
- Open Source Documentary on Net Neutrality
- One Drop on A Spider Web
- XSS Worms and Mitigation Controls
- About the power of Google
- XSS Attacks – Cross Site Scripting Exploits and Defence
- A Brief History of MySpace
- Does what happens in the Facebook stay in the Facebook?
- MPack – The Movie
- The Generic XSS Worm
- Client-side Security
- Client-side SQL Injection Attacks
- GHDB
- 6th OWASP Conference
- Zero Degrees of Seperation
- Do We Really Need a Security Industry?
- Social Networks Mayhem
- Changes in the British Computer Misuse Act
- XSS Attacks Book Preview
- Persistent CSRF and The Hotlink Hell
- Why HttpOnly won’t protect you
- Application Layer Anti-virus/Firewall
- Firebug Goes Evil
- Username Enumeration Vulnerabilities
- Big Fish
- Preventing CSRF
- ZombieMap
- Sex, Candies and Bookmarklet Exploits
- VBScript to Rule IE
- OWASP
- Noscript HScan
- HScan Redux
- Author of the XSS Book
- Browser Focus RIP
- Playing in Large
- The Shadow
- Technika
- JavaScript Remoting Dangers
- WormX
- What happens to Your Computer if you Mispell Google.com
- Atom Database
- CSRF-ing Blogger Classic
- Google Search Results Poisoning
- How to write AJAX Worms – theoretical point of view
- XSS Prelude
- Universal PDF XSS After Party
- DANGER, DANGER, DANGER
- The year of 2007
- Secure Code Through Frameworks
- Backdooring Images
- Backframe 2.x Sneak Preview
- MySpace QuickTime Worm Follow-up
- Cross-site Request Forgery
- Sploiter Splog
- The Attack of the TINY URLs
- Web Pages from Hell 2
- Automated XSS Detection
- The 0XSS Credo
- XSS Shell and Something More
- Introducing Backweb
- Backframe
- A bag full of tricks
- AttackAPI 0.8 is OUT
- Traversing the Web
- Maluc on JavaScript Worms
- Thoughts on JSPing
- Javascript Spider
- Google Search API Worms 3
- Google Search API Worms 2
- Persistent Bi-directional Communication Channels
- JavaScript Attack Channel
- Introducing XSSDB
- XSSDB
- Self-contained XSS Attacks
- Backdooring MP3 Files
- Google Search API Worms
- Web Pages from Hell
- Cross Context Scripting with Sage
- Backdooring QuickTime Movies
- Backdooring Flash Objects (the receipt)
- Backdooring Flash Objects (the walkthrough)
- Backdooring Web Pages
- AttackAPI
- Security vs. Accessibility
- Fex – enables Firefox Extension Scanner
- JavaScript Authorization Forcer
- JavaScript Visited Link Scanner
- JavaScript Address Info
- XSSing the Lan 4
- XSSing the Lan 3
- XSSing the Lan 2
- XSSing the Lan
- JavaScript Port Scanner
- WSDL Digest 200606
- RDF is Fun
- Jython Shell
- Using The Infocrobes Package
- WS Discovery
- Introduction To Intrusion Detection Systems
- Windows Defence and Attacks
- Infocrobes
- Exegesis of Virtual Hosts Hacking
- Massive Enumeration Toolset