Our blog

We are hiring again!
Once again, we are looking for a penetration tester. See this post for a descriptiong of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium,…
December 6, 2012 | by alla
Read more
Testing Riddler CAPTCHA
We have recently been swampted by spam forum posts and comments. Some seem to be submitted by bots while other appear to be from humans. Untill now we've been using Image CAPTCHA module which doesn't seem to help much. We have now installed and configured Riddler. Let's see if it helps. If you are…
October 20, 2012 | by alla
Read more
MagicTree 1.2 Is Out
MagicTree 1.2 is available for download. New features in this release: Metasploit XML import (issue #228) Support "critical" severity from Nessus 5 (issue #254) XSLT export. MagicTree data can now be exported as arbitrary XML. An XSLT for nmap-format export is provided. Use case: merge multiple…
September 26, 2012 | by alla
Read more
Nice arduino-based circuit
http://www.xkcd.org/730/
June 20, 2012 | by abb
Read more
Finally, a standard Linux 3.2 bridge can forward 802.1x messages!
Finally, a feature to make Linux bridge transparent to 802.1x EAP messages is in the official 3.2 kernel! No more manual kernel patching or messing with openswitch. This feature is mostly useful for pentesting 802.1x-protected networks. To force a bridge forward 802.1x EAP messages all you needs to…
June 12, 2012 | by abb
Read more
Burp plugin for scanning GWT and JSON HTTP requests
Update: Burp Suite Pro 1.4.10 supports JSON scanning out of the box, see http://releases.portswigger.net/2012/06/v1410.html Update 2: The plugin is released under the terms of GNU GPL. In short it means that you can use it and change it as you like, publish the changes under GNU GPL if you like,…
June 1, 2012 | by alla
Read more
Release of sslcaudit 1.0
I would like to announce release of sslcaudit 1.0. This tool is designed to automate testing SSL/TLS clients for resistance against MITM attacks. There is no proper installation procedure yet (Debian package and distutils-based Python installer are coming soon). For now just fetch the release from…
May 11, 2012 | by abb
Read more
Does your test system support SSLv2?
Since July 2010 Ubuntu has disabled support for SSLv2 in OpenSSL library. If you are testing remote hosts for SSLv2 using a client that does not support it, you are getting false negatives. Here is how you can check if you system supports SSLv2: alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=…
May 9, 2012 | by alla
Read more
Release of sslcaudit v1.0 RC1
UPDATE: Newer version of sslcaudit is available here. Here is sslcaudit v1.0 RC1. The goal of the project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. The project is GPL-licensed, source code hosted at github. PDF user guide is available at here.…
May 1, 2012 | by abb
Read more
Yet Another Portscanner (in Python)
I've written a custom TCP port scanner, to handle a broken target sporadically responding with SYN-ACKs even on filtered ports. Nmap detect such ports as open (in syn- and connect-scan modes). $ sudo ./run.sh -s 172.16.33.1 -d 172.16.33.144 --p0 21 --p1 25 -i vmnet8 INFO:Scanner:res 172.16.33.144…
April 13, 2012 | by abb
Read more

Contacts

+32 (0) 2 215 53 58

info@gremwell.com

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.