alla's blog

We Are Hiring

We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.

You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work are web application tests, but other stuff as well, from hardware hacking to custom client-server applications.

MagicTree 1.1 Released

MagicTree 1.1 is released and available for download. This release includes:

  1. Rapid 7 NeXpose XML import (both simple XML and full XML formats are supported)
  2. Arachni XML import (as of 0.4.0.2. Thanks to Herman Stevens of Astyran for contribution)
  3. OWASP Zed Attack Proxy XML import (development snapshot as of 6-Feb-2012)
  4. New matrix query interface
  5. Bug fix (#224) Remove orphan projects does not work anymore
  6. Bug fix (#226) NPE in dumpData()

Installing Arachni from Source on Ubuntu 11.04 (Natty)

Herman Stevens has developed an XSLT for importing Arachni data into MagicTree.

To test his XSLT I went to install the latest development version of Arachni on my Ubuntu 11.04 (natty). Having fought with it for a while and finally managing to install it, I thought that the description of the process might help somebody else. So here it goes.

First I downloaded the sources:

NeXpose XML - A Rant

As promised here I am working on XSLT for Rapid7 NeXpose XML reports.

There is one great big problem though. "NeXpose Simple XML" format (which is the only XML format available, at least in community edition) contains almost no vulnerability information.

Tags: 

MagicTree Forum

I have created a forum for MagicTree. You can ask and answer questions, discuss features, post tips and tricks, or complain.

MagicTree 1.0 Released

We are happy to announce that MagicTree version 1.0 is released and available for download.

We would like to thank everybody who submitted bug reports, feature requests or just wrote to tell us that they love MagicTree. You helped a lot!

Version 1.0 includes a lot of bug fixes and a number of new features, such as:

* Support for Acunetix data import
* Support for W3AF data import

MagicTree Build 1559

I've just uploaded MagicTree build 1559, which includes fixes for bugs we have found while working on the PenTest Magazine article.

We are working hard on the next release of MagicTree. We hope to have it out before the end of September.

Tags: 

Taming Vulnerability Data - Our article on MagicTree in PenTest Magazine

Update 2011/09/17: MagicTree build 1559 mentioned in the article is available for download.

PenTest Magazine has published our article Taming Vulnerability Data in its September extra issue along with a MagicTree review by Aby Rao.

Interview with Data News

Belgian IT magazine Data News has published the interview with Filip Waeytens and me (Alla) today. It is about penetration testing, hacking and IT security in general. Here is the PDF in Dutch. The whole issue can be viewed here.

Web Site is Alive Again

Our web server has temporarily succumbed to bit rot. Now it is migrated to a sparkling new virtual machine, DNS updated and everything seems to be ticking along as it should. Sorry for any inconvenience this might have caused.

Pages

Subscribe to RSS - alla's blog