Secure the nation

5 02 2013

Dear visitors

I am informing you that I am currently one of the authors for Incognito Lab. Please visit me here.

In addition, it would be great if you followed our Facebook page:
Get Secured by Incognito Lab

Yours faithfully

phpmyadmin quick guide

6 09 2012

I won’t tell you why.
Go to this:
Install phpmyadmin on window

Password and Hash

22 08 2012

Password attack: very good article

online rainbow table

malware signature
Oh sweet!!

No this one is not related to this topic, but it’s so sweet!!
SMS Spoofing and its tool.

stealth ideas to check egress rules on firewall

14 08 2012

To verify the egress rules on a firewall, we could:
1. look at the firewall policies
2. ask some employees to help, in other words, do social engineering
3. guess

The first two approaches are not what I would like to talk about today; instead, I am focusing on the guessing technique. A Metasploit stager called reverse_tcp_allports is one of the nice ideas for doing this.
However, if we need more stealth, we can create a server that responds on any TCP port, like 65K Open TCP Ports, and watch for our traffic.

“The quieter you become the more you can hear”
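For the egress-rules post above, the "server that answers on many ports" idea can be used to audit your own firewall policy: a listener you control records which destination ports connections arrive on, and a probe on the inside classifies each attempt. This is an added example, not code from the original post; the names `EgressListener` and `probe` are assumptions made for illustration.

```python
import selectors
import socket
import threading

class EgressListener:
    """Listen on many TCP ports; record which port each connection reached."""
    def __init__(self, host, ports):
        self.seen = []            # (local_port, peer_ip) for every accepted connection
        self.ports = []           # ports actually bound (port 0 = OS picks one)
        self._sel = selectors.DefaultSelector()
        self._stop = threading.Event()
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.bind((host, port))
            srv.listen()
            srv.setblocking(False)
            self._sel.register(srv, selectors.EVENT_READ)
            self.ports.append(srv.getsockname()[1])
        self._thread = threading.Thread(target=self._run, daemon=True)
        self._thread.start()

    def _run(self):
        while not self._stop.is_set():
            for key, _ in self._sel.select(timeout=0.2):
                try:
                    conn, peer = key.fileobj.accept()
                except BlockingIOError:
                    continue
                self.seen.append((key.fileobj.getsockname()[1], peer[0]))
                conn.close()

    def close(self):
        self._stop.set()
        self._thread.join()
        for key in list(self._sel.get_map().values()):
            key.fileobj.close()
        self._sel.close()

def probe(host, ports, timeout=1.0):
    """One outbound TCP connect per port, classified by how it ended."""
    result = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                result[port] = "allowed"
        except socket.timeout:
            result[port] = "dropped"     # no answer: traffic silently discarded
        except OSError:
            result[port] = "rejected"    # RST/ICMP: refused or actively blocked
    return result
```

Comparing `probe()` results from inside the network with `EgressListener.seen` on the outside host shows which egress ports the written policy really permits.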

Random stuffs — new coming pentest environment

10 08 2012

I got these today, and will explore later.

MobiSec Live Environment

Redirection in ASP.NET

11 06 2012

We have 2 options.
1. Client-side Redirection with Response object

  • Response.Redirect("file.aspx?x=what")
  • Response.RedirectPermanent("file.aspx?x=what")

2. Server-side Redirection with Server object

  • Server.Transfer("file.aspx?x=what")

With server-side redirection, if you redirect to another domain, a runtime error will be thrown. On the other hand, the performance is better because it saves 1 hop of redirection from the client.

Look at the URL bar and the action keyword, and you will notice how the two differ.

Application Security Infographic by veracode

8 06 2012

Infographic by Veracode Application Security

Building Secure Web Applications

How Mobile Apps are Invading Your Privacy