omg.wtf.bbq.

because arshan’s too cheap to license OneNote

Browsing Posts in security

I haven’t blogged or released much research in the last two years. If you care about that, which I doubt you do, then I’m sorry. I’ve been putting all of my energy into Contrast, a completely new way of finding vulnerabilities in applications. Contrast uses instrumentation to add “sensors” to your running JVM, including in […]

We’ve released another version of AntiSamy into Maven and on the main downloads page. In terms of the actual code changes, there are just a few things – it’s more of a directional change for our engine. Here’s the changelist: fixed error message not sanitizing CDATA payloads when encountered (should only concern you if you […]

What do you do when you have an arbitrary file upload to a web-accessible directory in J2EE? Obviously, you need a JSP shell! But there’s one problem: the available ones are kind of terrible. The Metasploit reverse shell is only intended to serve as placeholder for an already-owned box. The world needs a JSP shell […]

We released AntiSamy 1.4.2 a few days ago. This is a minor release with a lot of housecleaning behind it. The main purpose for the release was to address a vulnerability in the DOM engine discovered by Michael Kirchner, Barbara Schachner and Jan Wolff. The bypass is hilariously simple and incredibly frustrating: <![CDATA[]><script>alert(1)</script>]]> The new […]

Javasnoop 1.0 final released with new features, bug fixes, performance enhancements, and more.

pvefindaddr, immunity debugger, metasploit, peter van eeckhouette, corelanc0d3r, exploit, aslr, tutorial, learning

Here’s my (possibly distorted) recollection of Immunity’s Hack Cup 2010, complete with terrible security puns. Thanks to my teammates on SensePost/#TeamZA for winning! And thanks to Nico Waisman specifically for organizing and Immunity for sponsoring a great event. And yes – all of this is a joke – as in, not meant to be taken seriously, as […]

I’m trying to expand my skillset to the point where I can understand one of Nico Waisman’s BlackHat talks, and that means I have work to do (and maybe a brain transplant too). I’ve always had decent assembler skills, I can write simple shellcode, beat Gera’s challenges, but Windows has never been my domain. Let […]

I’m flying back from Blackhat today where I presented and officially released JavaSnoop, a tool that makes security testing thick Java clients really, really easy. We use some magically awesome instrumentation and bytecode engineering. Despite the fact that those buzzwords were in play, Blackhat thought they’d hedge their bet on me by putting the talk […]

You may be thinking, “what the hell happened to 1.4?”  A few things. First, I had a baby. That was really hard. Then, we were trying to manage all the logistics of moving to a new project structure during our 1.4 release cycle and during that time we added some really important stuff. So, AntiSamy […]