
Messages - blindfuzzy

1
Great tutorial!
Just curious what you mean by this? "Antivirus detections contain BAT as platform." Meaning the AV detection is in a BAT file?

2
Creative Arts / Re: #security Graphic Contest
« on: February 17, 2016, 06:05:11 PM »
Is there money involved?

Good idea will update thread. Yes there is.

3
Tutorials / Re: Taku's XSS handbook
« on: February 17, 2016, 05:52:12 PM »
Pardon me my good Sir, but, in your opinion, what would some non-common XSS techniques consist of?

(for everyone else blindfuzzy, as is our usual banter)

I was just referring to the info posted as common knowledge. You can google XSS and find all this in better formatting with more information.

Funny his post almost looks like this one: https://www.exploit-db.com/papers/13646/

Anywho some less common vectors for XSS include:
1" onmouseover=alert("xss"); "
"onload='confirm("test XSS")'
" onload=window.open(www.google.com)
" onload='javascript:alert(1)'

You can exploit these when the input parameter value is reflected in an HTML input tag or in other HTML code.
You can also XSS the file upload functionality by uploading an HTML file with an XSS type of script. Things get more tricky with a site that is locked down with ASP, and there are various fuzzing techniques to bypass the ASP XSS protection.

4
Creative Arts / #security Graphic Contest [$100 prize]
« on: February 17, 2016, 05:43:21 PM »
Seeing as the team and I have put a bunch of time into getting the channel the way we want it, and setting up a streamlined process of getting videos pushed out on a near weekly basis with awesome intros now thanks to OE, I realized we need to keep growing and gather up more user interaction on the board. #security needs a graphic of its own that we can add to the YouTube channel, intros, and in our weekly discussion thread here on the board.

Requirements:


Can't be fucking wallpaper huge in size (Although I wouldn't mind having a wallpaper version of the winner). We are looking for logo, twitter banner sizes.

Must be cyber security related.



Judges:
Myself, Oe800, and thewormkill (There will be a randomly picked judge from the #security channel in lieu of a tie)

Be creative, have fun with it! This graphic will represent not only #security but evilzone. This graphic will be placed in our discussion thread, YouTube channel, Twitter and any other public account we have for our weekly meetings.

The winner will receive $100 via PayPal.


I am setting a 30 day time limit on this contest. This contest WILL end March 17th at 12:00pm EST. Winner will be posted within a week of the contest ending. (Could be shorter depending on the number of submissions)

Good luck to everyone!


5
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: February 17, 2016, 05:19:18 PM »
This week's topic is: You can no haz mai dataz FBI

6
Tutorials / Re: Taku's XSS handbook
« on: February 11, 2016, 09:25:38 PM »
Where's the handbook? All I see is your thread with common knowledge material.

7
Reverse Engineering / Re: Obfuscated Flash file
« on: February 11, 2016, 09:23:19 PM »
Depends.

8
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: February 09, 2016, 04:43:16 PM »
Tomorrow's meeting has been cancelled. Can PM me for further details.

9
Beginner's Corner / Re: CSRF Exploitation
« on: February 07, 2016, 08:25:33 PM »

Ummm, GET and POST requests can be easily made through HTML forms, images, script tags etc... I'd worry less about CSRF exploitation if you are asking that question. You need to do some research.

10
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: February 03, 2016, 09:16:13 PM »
Front page has been updated with Meeting #7 video.

11
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: February 02, 2016, 02:37:17 PM »
This week's topic will be on Dridex the banking trojan.

Quick resource here to spin you up on what exactly Dridex is and does...etc: https://www.us-cert.gov/ncas/alerts/TA15-286A

12
Operating System / Re: So I installed Arch
« on: January 28, 2016, 09:47:40 PM »
iTpHo3NiX is right. I also had problems installing it in a vm (vmware workstation). Should do it straight in your machine. In dual boot maybe?

Don't dual boot it.

13
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: January 28, 2016, 02:25:21 PM »
Meeting #6 (maybe it's 7?)
1.27.2016

Tools are for tools:

https://www.youtube.com/watch?v=kPFTv5NvZb0

Thank you sir! Front page has been updated with the link.

14
General discussion / Re: InfoSec Weekly Roundtable/Discussion
« on: January 27, 2016, 08:43:32 PM »
I'm getting lazy but this week's topic was on: Tools are tools...and I don't mean that in a good way.

I pretty much bitched about how new people are coming into the industry and relying heavily on tools and scanners and not having much manual testing skills. A big epidemic in the industry these days in my opinion.

STAY TUNED FOR THE LINK TO THE DISCUSSION!

15
Hacking and Security / Re: Your Hacking Routine
« on: January 22, 2016, 03:49:32 PM »
Enumeration is going to be vital. Get your team good at it. 
