
XSS Filter Evasion Cheat Sheet
Last revision (mm/dd/yy): 07/4/2018. This cheat sheet lists a series of XSS attacks that can be used to bypass certain XSS defensive filters. Please note that input filtering is an incomplete defense for XSS, which these tests can be used to illustrate.

Dr.Web's Online Scanner
Everyone knows that once you are on a malicious or fraudulent website, your PC can easily become infected, especially if your computer or mobile device has no anti-virus software installed. But could this be avoided? Yes, and it's as simple as this: if a website looks suspicious, you check it on this web page before clicking on the unknown link.
Seasoned malware analysts/reversers/crackers move along – you already know this stuff. Analyzing malware is always challenging, as there are a few dozen if not hundreds of different ways to detect the virtual environment plus other tools used by reversers during dynamic or in-depth analysis – most of these can be easily picked up by malware looking for process names, registry keys, or using one of the undocumented or semi-documented bugs/features of VMs (usually snippets of code producing different results when executed on a real CPU vs. on a virtual CPU). This short post describes a few ways to hide the VM (with the main focus on VMware) and tools – by hiding their files, processes, services and the registry keys/values associated with them.
Approximately 1 year ago today, Tim Tomes and I did a presentation on Volume Shadow Copies (VSC) at Hack3rCon II. Hack3rCon^3 just wrapped up, and I've officially been shamed into finally publishing the details of the research. Many of the faithful PDC readers will know most of these details, as some of them were included as pieces of posts on other topics, but I will try to provide a little something new.

Volume Shadow Copies
The Volume Shadow Copy Service (VSS) maintains copies of every 16k block that is changed on an NTFS disk. Then at certain times it packages up all those 16k blocks and puts them up into a Volume Shadow Copy (VSC).
Maltego Part I - Intro and Personal Recon
By Chris Gates, CISSP, GCIH, C|EH, CPTS
According to their web site, “Paterva invents and sells unique data manipulation software. Paterva is headed by Roelof Temmingh who is leading a light and lethal team of talented software developers.” On May 6 2008, they released a new version of a very kewl tool named Maltego. “Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.

Maltego: Exploiting the Internet
Last updated May 23, 2003. It has been said that you can learn a lot about a person by the friends he keeps. While a true statement, this idea is stuck in the physical realm.
GeoLite Free Downloadable Databases
New Database Format Available: This page is for our legacy databases. For our latest database format, please see our GeoLite2 Databases.

Third Party GeoIP Resources
This page lists some of the 3rd party resources available to help you integrate GeoIP Legacy databases and web services with your applications. MaxMind does not endorse any of these pages and the use of the code in them is at your own risk.

Keyboard Ninja: Concatenate Multiple Text Files in Windows
You have a directory full of log files that you want to import into Excel or a database so you can do some processing on them… but there are hundreds of files… how do you make them into a single file? Answer: Pull out your DOS hat, open a command prompt, and then use the “for” command. The syntax works something like this: for <variablename> in (<directorylisting>) do <command> <variablename>. So if you wanted to append all of the *.log files in a directory, you'd use the “type” command and then pipe it into a single file using the >> operator.
binwalk - Firmware Analysis Tool
As of 2013-11-15, binwalk is no longer maintained on GoogleCode. The code repository has moved, and all future releases and updates will be posted at binwalk.org. The GoogleCode repository remains for historical purposes only. Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including:
Bulk extractor Overview
bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results can be easily inspected, parsed, or processed with automated tools. bulk_extractor also creates histograms of the features it finds, as features that are more common tend to be more important.
WOT is a very good community-based alternative.
by schenz, Sep 12