Category: Pentest

  • The revised and compressed OWASP Top 3 Web Application Vulnerabilities

    The revised and compressed OWASP Top 3 Web Application Vulnerabilities

    I love Top 10s. They’re everywhere and about everything: Top 10 Fascinating Facts About Neanderthals, Top 10 Crazy Bridal Preparation Customs, Top 10 Alleged Battles Between Humans And Aliens, etc. But my question was always: why 10? Why not 11? Or 9. Or whatever else? I guess 10 sounds more important than 11 or 9. It’s the decimal system, 10…

  • http vs https performance

    A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication…

  • Does it pay to be a BlackHat hacker?

    Dan VASILE @DefCamp Bucharest 2013

  • Bug Bounty Programs

  • Building an InfoSec RedTeam

    Building an InfoSec RedTeam from Dan Catalin VASILE

  • OWASP Romania

    If you are an English speaker, well, this is a post announcing and promoting the Romanian Chapter of OWASP. You can join your local chapter or the global effort of OWASP to improve information security. ### OWASP (The Open Web Application Security Project) are acum deschisa o organizatie locala si in Romania. Suntem in cautare de noi…

  • Techniques to play with custom and encrypted protocols

    An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrik Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients…

  • Check if an email address is valid – the telnet way

    You can use telnet to check if an email is valid. You can actually send emails via telnet, but we’ll stick to checking for now. Remember that this is not a string validation but a complete check with the mail server if the user is valid. For this example we will use [email protected].

  • Check if an email address is valid – the telnet way

    You can use telnet to check if an email is valid. You can actually send emails via telnet, but we’ll stick to checking for now. Remember that this is not a string validation but a complete check with the mail server if the user is valid. For this example we will use [email protected].

  • Attacking the lottery

    This is purely a theoretical attack on a lottery system. No magic combinations or generators, no syndicates or reading the stars, just a plain attack on the system. First of all, there are some perquisites. One will need an insider or more in order to carry out the attack, but this should not be a…