andlabs.net
Attack and Defense Labs - Conference Slides
http://www.andlabs.net/talks.html
BlackHat Europe - Attacking JAVA Serialized Communication. NullCon - Imposter ke Karnamey: The browser phishing tool. ClubHack - Lust 2.0: Desire for free WiFi and the threat of the Imposter. SecurityByte and OWASP AppSec Asia - Lust 2.0: Desire for free WiFi and the threat of the Imposter. OWASP Chennai - Test.Security(Flash);. OWASP Delhi - Understanding ESAPI. SecurityByte and OWASP AppSec Asia. 2009-2010 Attack and Defense Labs.
andlabs.net
Attack and Defense Labs - Tools
http://www.andlabs.net/tools.html
Ravan is a JavaScript Distributed Computing system that uses HTML5 WebWorkers to perform brute force attacks on salted hashes in background JavaScript threads across a farm of workers. Salted and plain versions of the following hashing algorithms are currently supported:. JS-Recon is an HTML5-based JavaScript Network Reconnaissance tool. It uses HTML5 features like CrossOriginRequests and WebSockets to perform network and port scanning from the browser. Detecting Internal IP Address. Shell of the Future.
andlabs.net
Attack and Defense Labs - Videos | Security Tools and Techniques
http://www.andlabs.net/videos.html
Exploiting XSS with Shell of the Future. Stealth Backdoors in Google Chrome. Attacking JAVA Serialized Communication with DSer. Exploiting Stroke triggered XSS with StrokeJacking. Stealing cached files with Imposter. Stealing passwords with Imposter. Placing Backdoors using Imposter. Stealing Google Gears Database with Imposter. Stealing files with Imposter.
andlabs.org
Attack and Defense Labs - About | Lavakumar Kuppan | Manish Saindane
http://www.andlabs.org/about.html
Attack and Defense Labs will be a repository of the independent security research done by us. It would also serve as a platform to broadcast and discuss random thoughts and ideas on Security. Unlike a typical geek I got my first computer at 20 and for another 2 years it was only a home entertainment system to me, nothing more. As a kid my passion revolved around machines. I do Penetration Testing, Application security and Security Research for fun and profit. I enjoy Sketching, photography and listening ...
andlabs.net
Attack and Defense Labs - Web War III | Web Application based CTF
http://www.andlabs.net/ww3.html
Hackers attack, coders defend, when you get them together you end up with Web War III. WW III is a Web Application based Capture The Flag contest. It was conducted in SecurityByte and OWASP AppSec Asia 2009. This is a team participation based game. Each team consists of two players, an attacker and a defender. The attacker would be capable of identifying Web Application Vulnerabilities (OWASP Top 10). The defender would be capable of writing secure Java code. The game has two stages:. Shell of the Future.
andlabs.net
Attack and Defense Labs - About | Lavakumar Kuppan | Manish Saindane
http://www.andlabs.net/about.html
Attack and Defense Labs will be a repository of the independent security research done by us. It would also serve as a platform to broadcast and discuss random thoughts and ideas on Security. Unlike a typical geek I got my first computer at 20 and for another 2 years it was only a home entertainment system to me, nothing more. As a kid my passion revolved around machines. I do Penetration Testing, Application security and Security Research for fun and profit. I enjoy Sketching, photography and listening ...
andlabs.net
Attack and Defense Labs - Offensive & Defensive Security Research
http://www.andlabs.net/index.html
HTML5 goodness at BlackHat Abu Dhabi this week. Nov 08, 2010 by Lava. Just three more days to go for my 'Attacking with HTML5' talk at BlackHat Abu Dhabi. In addition to covering some of the interesting HTML5 attacks already released during 2010 by myself and other researchers, it has two new sections - HTML5 based port scanning and HTML5 Botnets. I would be talking about a new way to perform JavaScript based port scans that gives very accurate results. How accurate? Sep 07, 2010 by Manish. Of his hack,...
andlabs.org
Attack and Defense Labs - Tools
http://www.andlabs.org/tools.html
Ravan is a JavaScript Distributed Computing system that uses HTML5 WebWorkers to perform brute force attacks on salted hashes in background JavaScript threads across a farm of workers. Salted and plain versions of the following hashing algorithms are currently supported:. JS-Recon is an HTML5-based JavaScript Network Reconnaissance tool. It uses HTML5 features like CrossOriginRequests and WebSockets to perform network and port scanning from the browser. Detecting Internal IP Address. Shell of the Future.
andlabs.org
Attack and Defense Labs - Offensive & Defensive Security Research
http://www.andlabs.org/index.html
HTML5 goodness at BlackHat Abu Dhabi this week. Nov 08, 2010 by Lava. Just three more days to go for my 'Attacking with HTML5' talk at BlackHat Abu Dhabi. In addition to covering some of the interesting HTML5 attacks already released during 2010 by myself and other researchers, it has two new sections - HTML5 based port scanning and HTML5 Botnets. I would be talking about a new way to perform JavaScript based port scans that gives very accurate results. How accurate? Sep 07, 2010 by Manish. Of his hack,...
andlabs.org
Attack and Defense Labs - HTML5 Security Quick Reference Guide with Demos
http://www.andlabs.org/html5.html
A repository of all HTML5 Security resources is available here. A detailed article on Web SQL Database security is here. Use Prepared Statements to prevent SQL Injection. Encode data fetched from database before displaying to prevent Cross-site Scripting. Do not store sensitive information in the client-side database. Ensure explicit per system user permission before storing data. Use unique database names to minimize data loss in client-side attacks. Do not trust client-side data. XSS - Insecure Demo 1.