Our blog

QSSLCAUDIT
Summary Installation from Binary Packages Debian / Kali ALTLinux Installation from Sources Note on OpenSSL 1.1.0 Note on unsafe OpenSSL variant Build Instructions Detailed build description Building unsafe OpenSSL library Usage Forwarding Connection application…
December 29, 2018 | by abb
Read more
TCP to WebSockets proxy in python
There seems to be a few proxies that can convert a WebSockets connection to TCP, however I couldn't find anything that goes other way around. Having the task of sending crafted messages to a WebSockets connection made me write one. Having a TCP to WebSockets proxy allows me to use netcat as a…
September 14, 2015 | by alla
Read more
Secure file upload in PHP web applications
This is an old paper I wrote about vulnerabilities in file upload implementations in PHP web applications. The web site it used to live on no longer exists, so I thought I repost it here to have it close at hand. It is relevant to other web application technologies (Java, .NET, etc.) but all the…
June 25, 2014 | by alla
Read more
Burp is Going to Support PKCS#11
Great news - PortSwigger is working on PKCS#11 support (SSL client certificates stored on hardware tokens, such as smart cards) for Burp. I got to try the test build - it works perfectly with Belgian eID on Linux. I am really happy about it - no more awkward chaining of proxies and SSL tunnels to…
March 26, 2013 | by alla
Read more
MagicTree 1.3 - important bug fixes and support for IBM Rational AppScan
We have released MagicTree 1.3. It fixes several nasty bugs that may lead to data corruption. We recommend everybody who uses MagicTree to upgrade. New features include support for AppScan XML and better handling of Imperva Scuba XML Here is the full change log: Fix for #307 "Cannot create a…
March 14, 2013 | by alla
Read more
We are hiring again!
Once again, we are looking for a penetration tester. See this post for a descriptiong of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium,…
December 6, 2012 | by alla
Read more
Testing Riddler CAPTCHA
We have recently been swampted by spam forum posts and comments. Some seem to be submitted by bots while other appear to be from humans. Untill now we've been using Image CAPTCHA module which doesn't seem to help much. We have now installed and configured Riddler. Let's see if it helps. If you are…
October 20, 2012 | by alla
Read more
MagicTree 1.2 Is Out
MagicTree 1.2 is available for download. New features in this release: Metasploit XML import (issue #228) Support "critical" severity from Nessus 5 (issue #254) XSLT export. MagicTree data can now be exported as arbitrary XML. An XSLT for nmap-format export is provided. Use case: merge multiple…
September 26, 2012 | by alla
Read more
Nice arduino-based circuit
http://www.xkcd.org/730/
June 20, 2012 | by abb
Read more
Finally, a standard Linux 3.2 bridge can forward 802.1x messages!
Finally, a feature to make Linux bridge transparent to 802.1x EAP messages is in the official 3.2 kernel! No more manual kernel patching or messing with openswitch. This feature is mostly useful for pentesting 802.1x-protected networks. To force a bridge forward 802.1x EAP messages all you needs to…
June 12, 2012 | by abb
Read more

Contacts

+32 (0) 2 215 53 58

info@gremwell.com

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.