Archive for the ‘Security Tools’ Category

Where was the Hacker in the Room for X-FRAME-OPTIONs?

Saturday, November 13th, 2010 by webstersprodigy

Or maybe where was the Dev in the room? Imagine you’re sitting at a computer logged into your favorite website, lolcats, and you click on a shady link while logged in. There are a lot of attack scenarios that start this way. Browsers have a cross-domain policy that prevents the shady site from accessing any of [...]

Toorcon 2010 Talk

Saturday, October 30th, 2010 by webstersprodigy

My over-caffeinated self somehow managed to stumble through the talk at Toorcon. I’m self-critical over the whole thing, but still overall a great experience, and I’m glad I did it. I was totally nervous. This was my first ‘con’ and the room was packed (people standing at the wall), I spotted relatively famous [...]

proxychains – handy tool!

Sunday, December 6th, 2009 by webstersprodigy

proxychains is a pretty amazing tool available at http://proxychains.sourceforge.net/. It is a versatile proxy tool for folks like me, who would like the source IPs to be from a proxy, or multiple proxies. For me, the main uses are proxying GUI port scan stuff like Nessus and proxying Tor.

gcc security tips

Monday, November 10th, 2008 by webstersprodigy

Here are some flags that may help prevent vulnerable code from being executed. -D_FORTIFY_SOURCE=2: This should get rid of some buffer overflows that can be analyzed statically and some obvious ones (strcpying input, format string vulnerabilities). More information can be found here: http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html -fstack-protector-all: From the man page: Emit extra code to check for buffer overflows, [...]

