Security at Stake

Hackonic - The Hacker Way of Writing

This project is dedicated to the hacker way of writing. The aim is to present the creative thinking of hackers over a social layout. Art resides everywhere, so it is a duty to craft it and present it in front of the community.

Hackonic - Leveraging the Hidden thinking process.

HACKONIC

Regards
0kn0ck

Posted on 8/23/2008 03:12:00 AM by 0kn0ck | 0 Comments

Restating JSON Hijacking - Call Back Pattern Checks


Recently I was going through the Web application list and found a post on JSON Hijacking. The spreadsheet issue was briefly discussed. The prime target is the working functionality of the Callback Pattern, which is also known as JSON Padding and is considered insecure. Here are some papers and discussions that explore this concept in depth.

[1] http://www.secniche.org/papers/Exploiting_JSON_7_Attack_Shots.pdf


[2] http://www.secniche.org/papers/Ser_Insec_Bison.pdf

[3] HP Blog

Regards
0kn0ck

Posted on 8/21/2008 07:44:00 PM by 0kn0ck | 0 Comments

God Dwells in Machine - The Transformation


With the advent of new technology entities and objects, the face of the world has changed. Whenever development takes place, there is always a forefather attached to it. Not a single discovery can be made without an originator. When it comes to nature, God is there. When it comes to machines, the answer gets really hard to find. God resides in the machine! Is it possible? A slightly sarcastic question to ask, but it still holds an abstract truth which one cannot deny.

Some very generic views have been presented. Fetch them here and think of your own:

God Dwells in Machine.


Regards

Posted on 8/16/2008 11:19:00 AM by 0kn0ck | 0 Comments

Tomcat-Apache Password Information Dumps

The web is a platform for launching a number of attacks in different environments. It is not so easy to directly trigger a pattern of insecurity and exploit dynamic entities. The web itself holds tremendous information, and this information should be managed and handled in the right way. Administration, again, is a big problem. While pen testing Apache Tomcat, it is seen that security is implemented in the worst way. Most of the time, weak passwords, poorly generated modules and misconfigurations lead to control of the server.

Note: 50% of Apache Tomcat servers can be hacked in an easy manner if security is neglected. A brief analysis based on a collection of dumps is discussed. Have a look:

CERA Arena

Regards

Posted on 8/16/2008 11:15:00 AM by 0kn0ck | 0 Comments
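
For the weak-password point in the Tomcat post above, an administrator can audit a server's own `tomcat-users.xml` before anyone else does. The script below is an added example, not code from the post or the linked analysis; it assumes passwords are stored in plaintext (not digested), and the sample file, length threshold, weak-word list and privileged-role markers are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml (not taken from any real server).
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="manager"/>
  <user username="admin" password="" roles="admin,manager"/>
  <user username="deploy" password="s3cret" roles="manager"/>
  <user username="ops" password="Vq7#kPz1!mLw92xT" roles="manager"/>
  <user username="reader" password="abc" roles="status"/>
</tomcat-users>"""

# Assumed policy values for this example; tune them to local policy.
MIN_LENGTH = 12
WEAK_WORDS = {"password", "changeit", "secret", "s3cret", "admin", "tomcat", "123456"}
PRIVILEGED = ("manager", "admin")  # substring match on role names


def audit_tomcat_users(xml_text):
    """Return [(username, [findings])] for accounts whose password fails policy."""
    root = ET.fromstring(xml_text)
    report = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate an XML namespace
            continue
        name = el.get("username") or el.get("name") or ""  # name= as fallback
        pw = el.get("password") or ""
        roles = [r.strip() for r in (el.get("roles") or "").split(",") if r.strip()]
        findings = []
        if not pw:
            findings.append("empty password")
        elif pw.lower() == name.lower():
            findings.append("password equals username")
        elif pw.lower() in WEAK_WORDS:
            findings.append("password in weak-word list")
        elif len(pw) < MIN_LENGTH:
            findings.append("password shorter than %d characters" % MIN_LENGTH)
        # A weak password matters most on accounts that can deploy or administer.
        if findings and any(m in r.lower() for r in roles for m in PRIVILEGED):
            findings.append("account holds privileged role(s): " + ",".join(roles))
        if findings:
            report.append((name, findings))
    return report


if __name__ == "__main__":
    for user, issues in audit_tomcat_users(SAMPLE):
        print(user, "->", "; ".join(issues))
```
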