Research

• PHP filesystem attack vectors - Take Two
• PHP filesystem attack vectors
• XSS Cheat Sheet: non repeating payloads
• 25C3 (CCC Congress 2008) Tricks: makes you smile
• Slides @System 2008 - Dipartimento di Informatica dell’Universita’ di Pisa
• Shared hosting “file” handler PHP session dumper
• LFI2RCE (Local File Inclusion to Remote Code Execution) advanced exploitation: /proc shortcuts
• Local File Inclusion (LFI) of session files to root escalation
• mod_negotiation: directory listing, filename bruteforcing
• Detect NoScript POC
• Skype 1.4.118 for Linux = Panacea
• Scanning DMZ hosts with remote file opening
• Architecture detection by PHP anomaly
• Why the Skype 0day exploit is a fake
• Clientside security: Hardening Mozilla Firefox
• XSS Cheat Sheet: two stage payloads
• XSS Cheat Sheet: the PLAINTEXT tag
• Linuxpersec2 a Verona (16/17 Giugno)
• Install Firefox XPI without whitelist
• Interview with Rain Forest Puppy
• Bad url redirections (AKA: Many thanks to our partners!)
• Pseudo threading with BASH
• HttpOnly Cookies Reference
• IE7 ping back home, MS and your browsing history
• LugVR Contest 01: Google Maps Reverse Solution
• LugVR Contest 01: Google Maps Reverse
• Pratical XSS n1
• Port scanning with online services
• Port scanner with dnsstuff
• Truffa ai sondaggi di mambo
• HttpOnly Cookies and Mozilla Firefox
• EXIF Phun
• Arin.net XSS
• Windows software

Repositories

• basehttpserver-base64-webshell A self-serving Python 2.7 HTTP GET/POST Web Shell
• dropzone-no-autoload A fork of https://github.com/enyo/dropzone that works with jQuery
• hotpotato An hot Access Point
• insecure-php-file-upload Vulnerable PHP File Upload
• php5-security Secure configuration for PHP
• blanker-slate-child Blanker Slate Child Theme
• blanker-slate Blanker, blankest slate
• perfect-bash Perfect Bash RC
• secure-ssh-server The perfect /etc/ssh/sshd_config
• ricoh-spc250dn Ricoh SP C250DN/C252DN
• wikileaks-spyfiles4-customers FinFisher Customers Analisys
• openmagic OpenSSL TLS heartbeat read overrun (CVE-2014-0160)
• ocz-revodrive-2.6-proxmox Support for OCZ RevoDrive3, RevoDrive3 X2, zDrive R4 in Proxmox
• flipper Convert lines of a stream to columns or an associative array
• selfoss_sqlite2mysql Convert the Selfoss DB from Sqlite to MySQL
• asterisk-recording Monitoring and recording scripts for Asterisk
• aruba-logparse Parse Aruba Network log messages