Sunday, August 14, 2005

Papers appeared on packetstorm...

Paper on browser identification.
Read Here

Paper on domain footprinting.
Read Here

Advisory on ASP.NET
Read Here

Thursday, August 11, 2005

Presenting paper at HackInTheBox 05

Title: Web hacking Kung-Fu and Art of Defense
Abstract:
Web attacks are on the rise and new methods of hacking are evolving. This presentation will cover new methodologies for web application footprinting, discovery and information gathering with a new range of tools.

Web applications are getting exploited using various new injection techniques like advanced SQL injection, LDAP query, XPATH goofing etc. All these new exploit methods will be discussed. The HTTP stack is changing in application frameworks like .NET. The stack can be utilized for defense using HTTP interfaces. Defense methodology for web applications are required to combat new threats emerging in the field.

This will be a deep-knowledge presentation that will be full of live demos, examples and new tools!

Presenting paper at Syscan05

Title: .Net web security – Attacks and Defense
Abstract:
Web security is becoming very critical as .Net framework is evolving. New set of vulnerabilities are coming up at web application level. Web Services are also becoming integral part of web application and creating next generation threat for emerging web application layer. There are new set of methodology is required to attack .Net applications and to provide defense new strategies are evolving. This presentation will brief about both attacks and defense with new set of tools.

Sunday, August 07, 2005

wschess 1.4 released

Some bugs are rectified in this build. These bugs were in following areas
1. wsKnight - SOAP action tag in header and host
2. wsPawn - Parsing error
3. Domain footprinting is removed from wspawn and planning to build a seperate tool.

Thanks for reporting bugs. Few more stuff to be added in next build.