Landing Proxify

I am really happy to announce the first release of proxify. I started writing this tool several years ago but I was never able to finished it. The first release (version 1.0) is now available for download on all platforms: Linux, Mac and Windows.

What is Proxify

The idea behind Proxify is to create a proxy that is just good at doing proxying. It is the proxy of all proxies so-to-say. [...]

more | comments | comments rss | posted by

Fuzzing XML and JSON Pt.1

It is hard to get back to blogging especially when there are easier alternatives to scratch your itch – I am talking about twitter. However, I decided to make the effort and see where it takes me. It will be difficult initially but practice leads to continuous improvement.

What I would like to do is to highlight some of the work I did to take two relatively simple and straightforward penetration testing practices to the next level: this is XML and JSON fuzzing. [...]

more | comments | comments rss | posted by

You and Your Research

This is really one of my favourite talks from this year’s HITB in KL.

@haroonmeer did an exceptional job at describing what it takes to produce an exceptional piece of work/research and the various pitfalls and sacrifices one needs to make.

more | comments | comments rss | posted by

Well Websecurify Runs on The iPhone

This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too.

The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]

more | comments | comments rss | posted by


I have been avoiding the topic about Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing:

Wether this is the real deal or simply fear mongering, I simply don’t know. It is all speculations at the moment. [...]

more | comments | comments rss | posted by

Having fun with BeEF, the browser exploitation framework

We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Chirstian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]

more | comments | comments rss | posted by

ColdFusion directory traversal FAQ (CVE-2010-2861)

A new Adobe hotfix for ColdFusion has been released recently. The vulnerability which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ bellow is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

more | comments | comments rss | posted by

1ST European Edition of HITB Coming Up!

In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

more | comments | comments rss | posted by

Hacking Linksys IP Cameras (pt 6)

This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here.

As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

more | comments | comments rss | posted by

Dnsmap v0.30 is now out!

After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (, Philipp Winter ( and meathive ( Thanks guys, your feedback was highly valuable to me. [...]

more | comments | comments rss | posted by