
Riding an OSVDB 100pt Data Mangle High

July 13th, 2008 Anthony Towry

Last year sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating with the Open Source Vulnerability Database Project.  Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes) and we've made a significant contribution to the effort.

Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched.  I've passed a major milestone in my mangling, now sitting at 100.25 points!  I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.

Let's keep it rolling! Join OSVDB and get mangling!


Fingerprinting WordPress

April 13th, 2008 Anthony Towry

Some of you may know that I'm currently working on a fingerprinting application that will attempt to expose a variety of frameworks and libraries that are being used by a given web app. The only thing I've seen out up to this point is Net-Square's ajaxfinger, which is a quick little regex matcher for known filenames.


DoggednessQL - SQL Password Brute Forcer

November 24th, 2007 Anthony Towry

I just posted up the code, demo and info for a short utility I wrote for MS SQL Server password auditing. The application isn't all that special really, but should make one point.

When developing security apps, languages and libraries supported by a vendor might very well be way too abstracted to really get at the bits you want, but shouldn't be rejected out of hand. Vendor SDKs and APIs may provide the perfect interfaces for creating that dirty client you're working on.

Check out DoggednesSQL here.


Now Contributing to OSVDB!

November 2nd, 2007 Anthony Towry

...or at least trying to.  I applied to get an account with the Open Source Vulnerability Database project a while back.  Today I found out that my application was accepted and had been sitting in my spam folder for over two weeks.  Nice.

If you're signed up to contribute to the project you're supposed to try to keep up with mangling a vulnerability on at least a daily basis.  So, needless to say, I feel like I'm about two weeks behind.  Sure, the guys at OSVDB probably aren't going to bust my balls about it, but still

