GNUCITIZEN

list of authors

the following list contains all GNUCITIZEN's authors.

• .mario
• Adrian 'pagvac' Pastor
• David Kierznowski
• Ivana Kalay
• pdp

current tag cloud

the following list contains the current tag cloud.

tag clouds were introduced in Wordpress 2.3, therefore not all of our entries have been mapped yet.

last modified entries

the following list contains posts that have been modified lately.

• Agile Hacking: a homegrown telnet-based portscanner
• HITB Dubai 2008
• Browser, mount that folder, thank You!
• House of Hackers Possibilities
• Conspiracy
• The Public Perception of the Image of Hackers
• Live Mesh - Good or Bad Idea?
• Landing House of Hackers
• With all the Web2.0 something bad will happen!
• ZombieMap

most commented entries

the following list contains the most commented posts.

• 0day: PDF pwns Windows
• Google GMail E-mail Hijack Technique
• 0DAY: QuickTime pwns Firefox
• Hacking The Interwebs
• Router Hacking Challenge
• CITRIX: Owning the Legitimate Backdoor
• Backdooring QuickTime Movies
• Agile Hacking
• QuickTime 0day for Vista and XP
• DANGER, DANGER, DANGER

all past entries

the following list contains all currnetly published posts.

• Agile Hacking: a homegrown telnet-based portscanner
• Browser, mount that folder, thank You!
• Conspiracy
• House of Hackers Possibilities
• The Public Perception of the Image of Hackers
• Landing House of Hackers
• With all the Web2.0 something bad will happen!
• Live Mesh - Good or Bad Idea?
• QuickTime 0day for Vista and XP
• HITB Dubai 2008
• Black Hat Europe 2008
• There is no spoon…
• Reverse Shell with Bash
• Default key algorithm in Thomson and BT Home Hub routers
• Content Injection: Hack the Hacker
• Hidden
• Kiosk Hacking: When there is nothing else left
• Reviewing Practical PHP Exploitation Techniques
• Darknets
• ZyXEL Gateways Vulnerability Research (Part 2)
• The Computer Misused Act
• PWN2OWN Rehashed
• What is Black PR
• Black Hat Europe 2008 Amsterdam
• OpenID provides a better security model
• Social Networks, Evil Twins and Puppet Masters
• The 10.000 Sites JS Malware Source Code Leaked
• The State of WiFi security
• Agile Hacking
• GNUCITIZEN on PaulDotCom
• Upcoming
• The Extreme, Web-based Google Hacking Tool
• Exploring the UNKNOWN: Scanning the Internet via SNMP!
• HITB Dubai 2008: we can’t wait!
• Holes in Embedded Devices: Authentication bypass (pt 4)
• Extreme Search Engine Hacking
• Cross-site File Upload Attacks
• WiFi Infestations - Viral Wardriving
• Social Networks Evil Twin Attacks
• Reconsidering the Side-jacking Attack
• 30mins Introductionary Presentation on Client-side Security
• Holes in Embedded Devices: Authentication bypass (pt 3)
• Holes in Embedded Devices: Authentication bypass (pt 2)
• Holes in Embedded Devices: Authentication bypass (pt 1)
• The Pownce Worm (Yet Another Potential AJAX Worm)
• Total surveillance made easy with VoIP phones
• WiFi Ownage
• JavaScript Global Namespace Pollution
• Holes in Embedded Devices: Desynchronized service acting as backdoor
• Router Hacking Challenge
• Hijacking OpenID enabled Accounts
• Hacking Video Surveillance Networks
• Holes in Embedded Devices: Binary state session management
• Holes in Embedded Devices: IP-based session management
• DHCP/mDNS Injection Issues
• R00Ting Public WiFi Networks: DHCP Name Poisoning Attacks
• Name (mDNS) Poisoning Attacks inside the LAN
• Call Jacking: Phreaking the BT Home Hub
• UPnP: The Saga Continues
• Vulnerabilities in Skype
• Flash UPnP Attack FAQ
• Hacking The Interwebs
• Steal His Wi-Fi
• BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP
• Hacking with UPnP (Universal Plug and Play)
• All your Metadata are belong to Us
• Google Hacking for Penetration Testers Second Edition
• A Must Read: Brief Testimony of Our Disclosure Experience
• Google.py
• The Orkut XSS Worm
• Security Common Sense
• Bulletproof Rich-content Filters
• General Purpose Fuzzer.py
• Unveiling shoulder skimming
• The Next Line of Defence: Web2.0! You must read this!
• Security and hacking scene in London
• Owning Outlook Web Access (OWA) users
• Flash Cookie Object Tracking
• System Hacking from the Browser (the Python Style)
• The value of automated Security Tests
• h4ck (hacked in 5 minutes)
• CoreAPI (simple multi-purpose JavaScript library)
• GEO Tracking Online Personas
• Step One: become an Insider
• What I have been playing/paying Lately
• GNUCITIZEN Wordpress Plugins
• Google Hacking Becomes More Important
• Airport Kiosks Security
• Network Communication API Editor’s Draft
• CSRF Demystified
• Persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
• Landing Hakiri
• OWASP USA 2007 AppSec Conference
• Strategic GeoIP Hacking and TV Streaming Theft
• Java JAR Attacks and Features
• Severe XSS in Google and Others due to the JAR protocol issues
• Tomorrow’s Trojan Peddlers
• BT Home Flub: Pwnin the BT Home Hub (4)
• Web Mayhem: Firefox’s JAR: Protocol issues
• ASX plus ClickOnce: Dangerous Combination
• Content-Disposition Hacking
• Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
• Dive into the Matrix of Reality!
• Snippets of defense Pt.IV
• Joe Walker on Web Application Security
• Mozilla Prism: not there yet!
• Hacking without 0days: Drive-by Java
• Web Client Fuzzer.py
• BT Home Flub: Pwnin the BT Home Hub (3)
• The Next Generation of Security Tools will run from The Browser
• Snippets of defense Pt.III
• GEO-tracking Mobile Phones
• BT Home Flub: Pwnin the BT Home Hub (2)
• Browser Rootkits
• Renaissance
• Clear
• Snippets of defense Pt.II
• Strategic Hacking: GEOIP
• 0day: Hacking secured CITRIX from outside
• Remote Desktop Command Fixation Attacks
• BT Home Flub: Pwnin the BT Home Hub
• Snippets of defense Pt.I
• Clever Hacking: google.js
• Hacking CITRIX - the forceful way
• CITRIX: Owning the Legitimate Backdoor
• Owning Big Brother: Hollywood-style Exploits Included!
• Google GMail E-mail Hijack Technique
• Google Urchin password theft madness
• 0day: PDF pwns Windows
• Backdooring Windows Media Files
• IE pwns SecondLife
• 0DAY: QuickTime pwns Firefox
• Rain of -MINUS Transactions
• How to make money with XSS
• OWASP Day 2007
• For my next trick… hacking Web2.0
• Searching For Evil
• I don’t think that you understand! - Firefox3 Vulnerable by Design
• PKI Book
• For my next trick… hacking Web2.0 Introduction
• Mindmap: Web2.0 hacking
• OpenID - A Security Story
• Identity 2.0 Security
• Hamster plus Hotspot equals Web 2.0 meltdown NOT
• Yahoo Pipes becomes Mage Powerful
• Mindmap: What is Web2.0?
• Facebook Homepage Source Code Probably Leaked
• On Browser Security Restrictions
• What is Web 3.0?
• Quality
• Web2.0 is not AJAX
• Constructive Chaos
• Innovation at Google
• Automated Web Foo or Fud!
• The Month of Hacker Folklore
• Introducing Technika Security Framework (TSF)
• Congratulation! You’ve been nominated for a Pwnie Award.
• Friendly AJAX XSS Worm for Wordpress
• August: The Month of Hacker Folklore
• Web Trend Map 2007 Version 2.0
• Intel Video Ad on Security, directed by Christopher Guest
• Full Disclosure?
• U R Insecure - how URI exploits are changing the webappsec landscape
• Interview with XS-Snipers
• The huge cloud lens bubble map web2.0
• Attack of the URL Vulnerabilities
• Web2.0 Poster
• Firefox could also be used as the entry point
• BID 24856 - Flash Player SWF Vulnerability
• Exploiting the iPhone
• Hackers
• Snoop onto Them as they Snoop onto us
• jQuery JSON
• GNUCITIZEN Updates
• 5 Generic Yahoo Pipes Hackers Cannot live Without
• JavaScript XSS Scanner
• Yahoo Site Explorer Spider
• Projections
• The new dawn of filter evasion
• Micro Blogging @ GNUCITIZEN
• Security Tool Controversy
• Hacking Like in The Movies - The Web2.0 Style
• Happy Little Hacker2.0
• XSSDB Elite
• Web2.0HDB
• OWASP/GNUCITIZEN Fusion Project
• Attacking Password Recovery Facilities
• Co-authoring Google Hacking for Penetration Testers, Volume 2
• The Top 5 most Popular Web2.0 Services Hackers Cannot live Without
• Ad-Jacking - XSSing for Fun and Profit
• Landing Securls.com
• Gadgets
• Future of Web2.0
• Open Source Documentary on Net Neutrality
• Mashups with the Google Mashup Editor
• One Drop on A Spider Web
• XSS Worms and Mitigation Controls
• About the power of Google
• XSS Attacks - Cross Site Scripting Exploits and Defence
• A Brief History of MySpace
• Does what happens in the Facebook stay in the Facebook?
• MPack - The Movie
• The Generic XSS Worm
• Client-side Security
• Client-side SQL Injection Attacks
• The Next Super Worm
• GHDB
• The Web has Betrayed Us
• 6th OWASP Conference
• Zero Degrees of Seperation
• Do We Really Need a Security Industry?
• 2057 - The City
• Social Networks Mayhem
• Changes in the British Computer Misuse Act
• jQuery Include
• XSS Attacks Book Preview
• TinyURL FS among Other Things
• Google AJAX Feed API Dangers
• Persistent CSRF and The Hotlink Hell
• Why HttpOnly won’t protect you
• Application Layer Anti-virus/Firewall
• Firebug Goes Evil
• Username Enumeration Vulnerabilities
• Big Fish
• Preventing CSRF
• Still Here
• ZombieMap
• Adobe Apollo Alpha1
• Sex, Candies and Bookmarklet Exploits
• VBScript to Rule IE
• Load AttackAPI Bookmarklet
• Firetest
• OWASP
• How I almost GOT Hacked
• PDF and History Hacks
• Noscript HScan
• PDF Strikes Back
• Morning Coffee with pdp: Hacking IE
• IE Local Open Hack
• HScan Redux
• Firefox Offline
• Vista Speech Recognition
• Author of the XSS Book
• Browser Focus RIP
• Plain Old Webserver
• The Machine is Us/ing Us
• Playing in Large
• Just Like Magic
• The Shadow
• Technika (Browser Automation Extension for Firefox)
• JavaScript Remoting Dangers
• Project Digest 200701
• TStore.js
• AJAX Worm Database
• What happens to Your Computer if you Mispell Google.com
• Atom Database
• CSRF-ing “Blogger Classic”
• Greasecarnaval
• Google Search Results Poisoning
• How to write AJAX Worms – theoretical point of view
• XSS Prelude
• Universal PDF XSS After Party
• DANGER, DANGER, DANGER
• The year of 2007
• Secure Code Through Frameworks
• Carnaval
• Outsourced
• Backdooring Images
• Backframe 2.x Sneak Preview
• Util
• Web OS
• MySpace QuickTime Worm Follow-up
• Introducing GNUCITIZEN Topics
• Cross-site Request Forgery
• The state of JavaScript Hacking
• Ultra Bot
• Intelligent Hacking
• Sploiter Splog
• The Attack of the TINY URLs
• Web Pages from Hell 2
• New Nova
• GNUCITIZEN Development Network
• Project Digest 200611
• Automated XSS Detection
• The 0XSS Credo
• XSS Shell and Something More
• Introducing Backweb
• Backframe
• A bag full of tricks
• AttackAPI 0.8 is OUT
• Resurrecting Zombies
• Traversing the Web
• Maluc on JavaScript Worms
• Thoughts on JSPing
• Javascript Spider
• Google Search API Worms 3
• Google Search API Worms 2
• Persistent Bi-directional Communication Channels
• JavaScript Attack Channel
• Introducing XSSDB
• XSSDB
• Self-contained XSS Attacks
• Backdooring MP3 Files
• Google Search API Worms
• Web Pages from Hell
• Cross Context Scripting with Sage
• Backdooring QuickTime Movies
• Backdooring Flash Objects (the receipt)
• Backdooring Flash Objects (the walkthrough)
• JavaScript Shell
• Backdooring Web Pages
• AFLAX and something more
• AttackAPI
• Security vs. Accessibility
• Fex - enables Firefox Extension Scanner
• Introducing Carnaval
• Cross Context Scripting
• JavaScript Authorization Forcer
• JavaScript Visited Link Scanner
• JavaScript Address Info
• XSSing the Lan 4
• XSSing the Lan 3
• XSSing the Lan 2
• XSSing the Lan
• JS Port Scanning
• JavaScript Port Scanner
• TStore.py
• TStore
• WSDL Digest 200606
• RDF is Fun
• Jython Shell (Python in your Browser)
• Idea Workout
• Infocrobing
• WS Discovery
• Introduction To Intrusion Detection Systems
• Windows Defence and Attacks
• Infocrobes
• Exegesis of Virtual Hosts Hacking
• Massive Enumeration Toolset
• GNUCITIZEN Redesign