We Are Hiring

We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.

You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work is web application tests, but there is other stuff as well, from hardware hacking to custom client-server applications.

MagicTree 1.1 Released

MagicTree 1.1 is released and available for download. This release includes:

  1. Rapid 7 NeXpose XML import (both simple XML and full XML formats are supported)
  2. Arachni XML import (as of Thanks to Herman Stevens of Astyran for contribution)
  3. OWASP Zed Attack Proxy XML import (development snapshot as of 6-Feb-2012)
  4. New matrix query interface
  5. Bug fix (#224) Remove orphan projects does not work anymore
  6. Bug fix (#226) NPE in dumpData()

Installing Arachni from Source on Ubuntu 11.04 (Natty)

Herman Stevens has developed an XSLT for importing Arachni data into MagicTree.

To test his XSLT I went to install the latest development version of Arachni on my Ubuntu 11.04 (natty). Having fought with it for a while and finally managed to install it, I thought that a description of the process might help somebody else. So here it goes.

First I downloaded the sources:

NeXpose XML - A Rant

As promised here I am working on XSLT for Rapid7 NeXpose XML reports.

There is one great big problem though. The "NeXpose Simple XML" format (which is the only XML format available, at least in the community edition) contains almost no vulnerability information.


MagicTree Forum

I have created a forum for MagicTree. You can ask and answer questions, discuss features, post tips and tricks, or complain.

A tool to search for serialized Java objects in a binary stream

Here is a little tool which helps find and dump any serialized Java objects in a binary stream. It accepts just one parameter -- the name of the file to load the binary stream from.

First run:

$ java -jar jsersearch.jar /tmp/payload.dat
Found objectStream at offset 55, dumping ...
Caught exception while dumping java.lang.ClassNotFoundException: XXXRequestBase
End of dump (from offset 55)
Offset 1756 exception

"Proper" pfSense backup script

Well, maybe the title is a bit ambitious, but at least the script below is an improvement compared to these two approaches: 1 and 2:
* It validates the server-side certificate instead of ignoring it
* It logs out to invalidate the session cookie and wipes the temporary file used to store it
* It does not fetch the whole bulk of RRD data

#!/bin/sh -e



Ubuntu 11 on Kingston SV100S2/256G SSD

Here are some notes about my attempt to install Ubuntu 11 on Kingston SV100S2/256G SSD (on Dell Latitude E6510 laptop). Just in case somebody else finds it useful.

I have Googled around for information about SSD disk optimization for Linux and found that there are two main things to consider: partition alignment and filesystem options.

It appears to be important to (try to) align disk writes to the boundaries of the SSD erase block size. This [1] article talks about LVM volume alignment.

MagicTree 1.0 Released

We are happy to announce that MagicTree version 1.0 is released and available for download.

We would like to thank everybody who submitted bug reports, feature requests or just wrote to tell us that they love MagicTree. You helped a lot!

Version 1.0 includes a lot of bug fixes and a number of new features, such as:

* Support for Acunetix data import
* Support for W3AF data import

Pentesting Web Services with Proprietary Formatted Input


From time to time I come across a web service that expects its input in some proprietary format, usually JSON distorted in one way or another. A vulnerability scanner knows nothing about that stuff and can't properly fuzz it. (At the time of this writing Acunetix and Burp Pro support JSON only in HTTP responses.) In this case one has to resort to pure manual testing or partially automated testing with a fuzzer. Both approaches have their limitations, and I decided to finally find a way to run an automated scanner against proprietary web services.

