August 29, 2011

RankMyHack.Com – Who is the coolest web hacker

Who is the coolest web hacker? Everyone who is involved in the field of information security asks this question from time to time. LulzSecurity? Anonymous? Anyone else? It seems impossible to objectively identify someone as the best one. However, a site appeared on the Net a couple of weeks ago that aims to determine who the best hacker really is! This site is http://RankMyHack.com. As soon as the resource was created, information about it started spreading all over the Internet. Serious Internet sources such as the New York Times mentioned this site on their pages. Numerous hackers rushed to find out who is the coolest one among them …

August 17, 2011

Http Parameter Contamination (more)

To continue investigating the Http Parameter Contamination (HPC) attack, I’ve done some primitive fuzzing in the environments which had not been covered in the original research of Ivan Markovic. It must be mentioned that I have not found out anything new. On the other hand, an interesting feature of the Python interpreter was revealed; I also got a payload exploit for conducting a denial-of-service attack against the Tomcat server :) But I won’t disclose anything else about the latter so far.

The results are presented in the figure below.

August 11, 2011

PenTest Magazine August Issue

Positive Hack Days material wins the world – there is now an article in the August issue of PenTest Magazine, completely devoted to cloud computing and prepared by Sergey Gordeychik, CTO of Positive Technologies, and Yuri Goltsev, penetration testing expert.