Security at Stake

Me-Myself-I

Search

Projects-

Email Contacts.

Linkedin Network..

Previous Posts

IS Research Author

Conferences.

EuSecWest
Troopers
XFocus Xcon
Xfocus XKungfoo
Owasp
Clubhack
CERT-IN

Archives

Links

Web Registration Attacks : Digging in.

The registration attacks are on high now days.It actually comprise of the definitive manipulation in the databases through fake user registration. The database is flooded with users through poorly coded registration pages. You might have seen many registration pages with input arguments as user name, password, email , address etc. The specified arguments are placed as controls on web page. The attackers are very crafty in their approach of infecting the web applications.

More:

http://triosec.secniche.org/concepts/reg_attack.txt

Posted on 11/28/2007 12:05:00 AM by 0kn0ck | 0 Comments

TCP Port Sequence Check : Port Querying

The point of talk is to check the port status with the incoming TCP sequence from the target. It is one of the reliable technique in determining the port status. No doubt from standard a debugged response from the target will provide you the status of flags efficiently. Sometimes with simple TCP Sequence check the port structure can be verified. We are going to prove this by HPing packet crafting to dissect the TCP sequence number.

For more:
http://triosec.secniche.org/concepts/tcp_seq_port.txt

zknk

Posted on 11/24/2007 08:37:00 PM by 0kn0ck | 0 Comments

SecNiche Project : Reversing System Semantics

SecNiche has stated a new project on reverse engineering.This project is dedicated to reverse engineering. It comprise of drafts and papers explaining the different techniques that are used differentially during analysis.

http://reversing.secniche.org

zknk

Posted on 11/22/2007 12:57:00 AM by 0kn0ck | 0 Comments

Google Acted Slowly : The Translation Issue is Corrected



As I stated earlier in my post regarding Google Translation Issue.After long time it has been undertaken by Google and has been corrected.The Google has stopped the English to English Translation. Even if you strip off the parameters and try to redirect it would not be possible.

http://translate.google.com/translate?u=http://www.packetstormsecurity.org

You can find the original layout:

http://zeroknock.blogspot.com/2007/01/google-tranlate-prone-to-redirection.html

The issue is positively corrected after long time.

Posted on 11/11/2007 10:17:00 AM by 0kn0ck | 0 Comments

OS Specification Check : IP ID Testing

The IP ID field is critical part in designing and crafting of packets. Mostly the ID field play a generic role when ever a response is undertaken from destination. There are certain facts about ID which enhances the mode of penetration testing in which it is going to be performed.

check : http://triosec.secniche.org/concepts/ip_id_os_det.txt

Cheers

Posted on 11/11/2007 09:50:00 AM by 0kn0ck | 0 Comments