Jeriko Group and Source Code Repository

Jeriko moved into its own source code repository, which you will be able to find here. There is also a discussion group here, if you feel like using it.

The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (a wrapper around bash) which does the heavy lifting and also introduces some funky programming mechanisms. [...]


Hacking Linksys IP Cameras (pt 1)

During the Easter break, I was playing with my wireless Linksys IP camera which, although I bought it several months ago, I hadn’t taken the time to give the attention this beauty deserves until now! :)

The model in particular is the WVC54GCA, which I would say is one of the most affordable Wi-Fi IP cameras out there (about GBP 80 in the UK), making it a great toy to tinker with. [...]


More Penetration Testing Goodness with Jeriko

Over the last couple of weeks I’ve added more features to the Jeriko toolkit which I briefly covered in my post over here. For those of you who don’t know, Jeriko is a compilation of various bash scripts to ease manual penetration testing practices. The idea is to automate only the things which are sort of boring.

Anyway, now you have a few more scripts at your disposal. [...]


The Agile Hacking Project

This is a quick announcement regarding the Agile Hacking project. For those of you who are not familiar with this project, there is a post that you can go through over here.

So, the Agile Hacking project has found a new home in the newly established House of Hackers V2 initiative, which is essentially the House of Hackers’ wiki. We plan to use V2 as our main project repository. [...]


Bring Back the Attack to the API

A couple of years ago I started a project called AttackAPI. It kind of became a hit at the time because there was no other project that was doing the same thing. Btw, the situation remains the same.

Today the project is kind of dead because I am not actively developing it anymore. Most of my development time goes to projects of greater importance such as Netsecurify, Websecurify, Blogsecurify and several others. [...]


6000 Members on HoH

Just a couple of months ago, we started HoH as one of our social experiments. Initially the network was composed of just about 10-15 people and there was nothing fancy about it. We didn’t even have a domain, although we promised ourselves that if we reached 1000 members we would certainly look into buying a domain and also investing in other resources.

Amazingly, we reached the 1000 cap quite rapidly and today the HoH network is just over 6000 members. [...]


WP Blogsecurify

The WP Blogsecurify 1.0 WordPress plugin is out.

What does it do?

WP Blogsecurify is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...]


ZombieMap

ZombieMap is an AJAX application that you can use to locate Zombies hooked on an XSS proxy. If you XSS someone and you attach it to ZombieMap, their GEO location will magically appear. The project does not have any other merit apart from being fun.

ZombieMap is a highly extensible mapping application. Developers can extend virtually every aspect of the application environment. If you cannot see points on the map in the first 5 seconds, most probably there are no attached clients. [...]


Technika

Technika is a general purpose scripting platform for Firefox. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page, just like Greasemonkey, and everything in the chrome, just like any browser extension, but without the need to restart the browser every time you make a change. The platform will be used as a base component for other projects, such as TSF (Technika Security Framework) and the AttackAPI browser extension. [...]


Atom Database

The purpose of this project is to collect useful attack snippets (atoms) which can be employed when performing Web Application Security testing. Atom submissions must follow a certain format, which is:

Atom name – It must be enclosed inside <h3>[atom name here]</h3> tags.
Atom description – It must start on a new paragraph.
Atom code – It must be enclosed inside <pre><code>[atom code here]</code></pre> tags. [...]
