Petko D. (pdp) Petkov

Petko D. Petkov, a.k.a pdp, is founder and leading member of the GNUCITIZEN Information Security Think Tank, a leading organization in the sphere of offensive and defensive information security research. PDP is a recognized information security researcher, penetration tester, frequent speaker at industry recognized events, and published author who has contributed to several best-selling books, numerous popular blogs and online magazines. » more

post avatar

Skydive

What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air.

On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. It has been two months since that day but memories are still as clear as yesterday.

» more | » comments | » comments rss | posted by pdp
post avatar

Free Web Application Security Testing Tool

Automated Web Application Security Testing tools are in the core of modern penetrating testing practices. You cannot rely 100% on the results they produce, without considering seriously their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetrating testing equipment.

These tools are not unfamiliar to modern day penetration testers. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Breaking Into a Home With an iPhone

This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch.

Got the idea? No! Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Extensions at War

Two of the most popular Firefox extensions are at war, fighting for their own piece of land. More examples will follow.

Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Exploit Sweatshop

When I was playing/introducing the partial disclosure practice an year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amount of money.

Of course, requests of that nature were kindly ignored. I couldn’t believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Jeriko Group and Source Code Repository

With this post I would like to inform you that Jeriko moved in its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it.

The version inside the new code repository is very different from the version you’ve seen before. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

It is All About People Manipulation Skills

On the 14th this month, Computerworld published an interesting article titled ‘Mafiaboy’ spills the beans at IT360 on underground hackers. Interesting read but nothing too exciting.

The article is yet another proof that we are all in big trouble. Simply put, the technology will continue to develop and the majority of people wont be able to keep up. As long as the situation remains the same, people and corporations will get exploited regardless how tight their security is. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Exploit Development Framework Design

Perl, Ruby Python: use the language that suits your character. However, one of the things that differentiate python from the rest is its philosophy, which is: there should be one– and preferably only one –obvious way to do it (where it is a problem). This philosophy gives python some interesting advantages over other similar languages. That will be explained later on. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Even More XSS Worms

This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.

There is no merit in discussing how this has been done and for what purposes but this incident is yet another proof that the attack landscape is rapidly changing and moving towards web enabled infrastructures and the client-side. [...]

» more | » comments | » comments rss | posted by pdp
post avatar

Tools of Trade

I wish I had the ultimate tool, whether that is a programing language such as perl, python and ruby, or whether it is a framework like metasploit and vulnerability scanner like nessus. I wish, but I know that such thing doesn’t exist and probably never will.

Lately I’ve been dropping a lot bash scripts on public forums and of course on work related projects. Many people came back to me asking why I chose bash. Python or perl would have been better! [...]

» more | » comments | » comments rss | posted by pdp
GNUCITIZEN twitter GNUCITIZEN youtube GNUCITIZEN flickr GNUCITIZEN linkedin GNUCITIZEN facebook GNUCITIZEN mail GNUCITIZEN feed

The Others

from the creators of GNUCITIZEN we bring you...

GNUCITIZEN Products

Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.

Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.

Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.

Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.

Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

Visit the GNUCITIZEN Network for a complete listing of all GNUCITIZEN initiatives, products and partnering organizations.