Our blog
Update 17/01/2011: If you are interested in 802.1x bridging, have a look at my Tapping 802.1x Links with Marvin blog post.
802.1x authentication messages are sent in Ethernet frames with the destination MAC address set to 01:80:C2:00:00:03. This address belongs to “IEEE 802.1D MAC Bridge Filtered MAC…
August 31, 2010 | by abb
Passwords on post-it notes, unencrypted Wi-Fi, Windows hanging, laptops breaking and other IT misery
This article in Computerworld is absolutely hilarious.
It describes a spying operation by Russians failing miserably due to various mishaps, such as laptop repair taking two months, Windows hanging…
July 15, 2010 | by alla
Now that I have had a blog for half a year, I figured I should post something. So here goes a description of using a Linux (Ubuntu in my case) bridge configured to redirect selected TCP connections to an intercepting proxy (Burp) while letting the intercepting proxy communicate with the server. Quite…
July 7, 2010 | by abb
In a thread on StackOverflow, people (programmers mostly) post about the worst security holes they have ever seen. It's pretty interesting reading.
You know what's most interesting about it? If you are a practising pentester, you'll be bored halfway through the first page, because you have seen most of…
July 5, 2010 | by alla
A lot of web developers have gotten the message about SQL injection and are using parametrized statements. Still, there are a few cases where using parametrized statements is not quite straightforward, such as in a LIKE clause.
Suppose you want to do something like this:
SELECT * FROM people…
July 5, 2010 | by alla
MagicTree Beta One is out!
They don't have <dance> or <jump-up-and-down-excitedly> tags in HTML or I'd use those too.
We are very happy (and mildly surprised) to announce the Beta One release of MagicTree. The documentation is available here. If you would like to…
June 26, 2010 | by alla
All the crazy SSL servers seem to come my way: ones that only support weird combinations of protocols and ciphers, ones that require client certificates stored on PKCS#11 hardware, and ones that require SSL renegotiation.
Turns out that Sun has recently disabled SSL/TLS renegotiation in Java by…
June 8, 2010 | by alla
I am thoroughly impressed. A combination of reflected XSS, insecure file uploads and bad passwords allowed the attackers to gain root on one of the Apache Foundation's servers, and gain a non-privileged shell on another one. Here is the story directly from Apache.
In my opinion the most interesting…
April 19, 2010 | by alla
Supporting ActionScript 2 and ActionScript 3
During a recent test I stumbled upon this wonderful tool: HP SWF Scan. It is positioned as a vulnerability scanner for Flash, but it also does decompiling. Here is a screenshot:
Compared to Flare, it supports ActionScript 3, has a usable GUI…
April 8, 2010 | by alla
We are very sorry to say that we have to delay the Beta One release of MagicTree. It was planned for the beginning of April, but due to an unexpectedly high consulting workload we will have to delay it at least until the beginning of May.
There is just one major feature that is missing for the Beta. It is…
March 22, 2010 | by alla
Contacts

+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.