Memory Limits for Windows Releases

Hi folks, I found an interesting website from Microsoft about the different memory limits for Windows releases. Have a look: http://msdn.microsoft.com/en-us/library/windows/desktop/aa366778(v=vs.85).aspx hf

Posted at Dec 10th | no comments | Filed Under: Microsoft Windows

Auto startx in Backtrack 5 (GNOME)

If you want to get rid of typing “startx” after logging in to Backtrack 5, you can just add some extra lines to /root/.bashrc. As this is a problem I had some days ago, I would like to share it with you. And you get rid of Google (gg). Joking aside! Add these lines to /root/.bashrc [...]

Posted at Aug 19th | no comments | Filed Under: Linux, Programming

Evaluation of the efficiency of Cross-Site-Scripting measures (Part 1)

With regard to my Master Thesis, which is about the evaluation of the efficiency of Cross-Site-Scripting measures, I would like to introduce my assessment approach to you. This post is neither about the definition of XSS nor about secure coding. Part 1 comprises the definition of the assessment approach to evaluate the efficiency of XSS [...]

Detect Port-Scans with iptables

Although attacks are evolving more and more toward the application layer, baseline security must be established as well. Usually one of the first steps taken is to build up a firewall. In this post I want to show how port scans can be detected with iptables. nmap as one of the most popular port scanners, [...]

Posted at Aug 3rd | no comments | Filed Under: Networking, Penetration Testing

What’s coming next?

I am going to write about network printer security and how printer insecurity could lead to a compromise of Windows Active Directory. Some ideas of mine include insecure configuration, usage of domain admin accounts, password security etc. Feel free to contribute!

(Double-)SQL-Injection Challenge

I would like to demonstrate a sample SQL-Injection attack. SQL-Injection occurs if user input is not correctly validated. Sensitive data could be read from the database, or administrative operations could be executed. First have a look at the vulnerable application code listing: function listBookmarks($searchTag,$s) { if($searchTag == NULL && $s == 0) { $sql = [...]


About

What's important to tell you about MfS - Enterprise?

MfS - Enterprise is a private blog and focuses on Information Technology (IT) and Information Security (IS) related topics. All posts are written by Michael Schratt (bl4ckw0rm). If you have any questions regarding security-related issues, please do not hesitate to contact me. I am looking forward to hearing from you!

Information Security Services are not provided commercially!

Best regards, Michael Schratt
