It’s been quite quiet here at my so-called blog lately. But after adding a new feature to Inception, I thought it was about time to do a small writeup. Over the last months I’ve completely restructured Inception. The tool is now more loosely coupled, and I’ve made it easier to create modules exploiting DMA. More… Read more »
Posts By: Carsten
Malte Spitz made an excellent talk on TED in June explaining the greater consequences of the EU data retention directive. Everybody that has a mobile phone should watch this video. Also, check out the excellent (and scary) visualization of the data from his cell phone over six months by the German newspaper Zeit.
I spoke at the OWASP NY/NJ chapter meeting yesterday, and it was great fun. The presentation is available here. Some people asked me after the presentation for links to the tools I demonstrated, so here goes: Teensy – Can be bought at pjrc.com for $16 Social Engineering Toolkit – created by ReL1K and downloadable here Inception –… Read more »
This video shows how Google provides physical and logical security for their data center customers. Quite interesting, and I especially enjoy the 80’s music in the background.
I’ll speak at the OWASP NYC Chapter at Bank of New York Mellon this Thursday, check the link for getting on the waiting list (at the time of writing, the meeting is fully booked). I’ll speak about hardware hacks (not lock picking, but rather how to use hardware to attack software), and present my tool Inception… Read more »
I’ve recently had some time on my hands (knee injury), so I decided to implement a couple of Metasploit modules. This first module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write… Read more »
Execstack is great for exploit development tutorials and training on Linux operating systems, as it marks the stack as executable. To install it on Ubuntu 8.04 Hardy, issue the following command in a terminal: sudo apt-get install prelink
WSJ ran a rather lengthy article yesterday about Apples newest tablet, the iPad 3. One of the things that struck me was the paragraph treating the new name of the iPad: Apple didn’t provide much explanation for its decision not to use a specific name—such as the much-rumored iPad 3 handle–which some branding experts said… Read more »
Even though the official release date is not until March 1st, I upgraded BackTrack 5 to R2 today following this excellent guide. But after the full upgrade I found that VMware Workstation was not working. Ah, the fun of being an early adopter. Time to patch and recompile the sources (thanks to Weltall for providing… Read more »