A hacking game for programmers?
Are there any games that I can play that allow me to use things I've learned while programming to hack (not for real, just in the game). I found Slavehack but don't really like it; does anyone know of any others? ...
hacking
Security considerations for intranet developer making public facing website?
I have alot of experience writing internal Intranet applications, but very little when it comes to writing public facing web applications where it is likely that a certain percentage of people will try and be malicious. The app is written with MVC.net, JQuery and Subsonic. What steps can I take to project my application, to make it rea...
How would I go about prevent DLL injection.
So the other day, I saw this: http://www.edgeofnowhere.cc/viewtopic.php?p=2483118 and it goes over three different methods of DLL injection. How would I prevent these from the process? Or at a bare minimum, how do I prevent the first one? I was thinking maybe a Ring 0 driver might be the only way to stop all three, but I'd like to see...
How can I hook Windows functions in C/C++?
If I have a function foo() that windows has implemented in kernel32.dll and it always returns true, can I have my program: "bar.exe" hook/detour that Windows function and make it return false for all processes instead? So if my svchost, for example, calls foo(), it will return false instead of true. The same action should be expected fo...
Are there ways to maliciously pause a Flash movie from within the page?
I am looking for ways that someone could maliciously pause a Flash movie - I'm not talking about how to do it from within the code, I'm really looking for ways it could be done within the browser by a visitor to a website. We have a hacking issue that we think could be caused by this, and are trying to recreate it (yes, I know we should ...
What are all the things we can do with telnet?
I would like to know all the things that can be done with telnet, currently i use it to determine if a remote machine is listening on some specific port like this telnet [machine] [port]. any ideas please ...
Blogs and Books on Encryption and Security
Could any of you experienced programmers / ethical hackers out there recommend some blogs or books on security/encryption? The only blogs I look at now are .Net Security Blog (http://blogs.msdn.com/shawnfa/archive/2009/03/17/authenticated-symmetric-encryption-in-net.aspx) Laptop Security Blog (http://blog.absolute.com/cybercrimes-more-...
What is your favorite way of doing a MITM?
Hi Guys, Many of us must have done a Man-in-the-middle (MITM) attack on their internal networks- nothing serious, just for learning :) Now there are a number of protocol vulnerabilities which make MITM possible - ARP Poison Routing, STP Claiming Root Role dual home, HSRP active router... There are also a large number of network securi...
How vulnerable is my code to SQL injection?
Ok I don't want this to be a hacking advice question, so please don't down-vote for that. I work in a web shop and I've found some of our old PHP pages are vulnerable to SQL injection in the username and want to know how bad. We use a PHP string to embed the user input from the POST on the login form. $uname = $_POST['username']; $pas...
javascript in address bar
Question 1 step 1: i go to http://www.bloganything.net/731/cool-javascript-tricks-for-internet-browsers step 2: on the address bar, i delete step 1 url, and enter javascript:document.getElementById('rsidebar').value='dsf' ; the whole part refresh . how to prevent page from refresh when executing javascript on address bar Question2 ...
javascript replace document.documentElement.innerHTML
in a html page, i have <html> <script> var cnt=''+document.documentElement.innerHTML+''; cnt=cnt.replace(......); </script> <body> something else</body> </html> how to use replace function above, so that my 'cnt' var content is like below <html> <body> something else</body> </html> ...
dynamic iframe height depending on...
Is there any javascript algo that i can used to check for a website page height and put it as height of the iframe to render the page step 1 : check what is the height of the website , let say www.cnn.com.my step 2 : get the height , and put in ? step 3: render the page in iframe with height 'pre-set' ...
firefox/safari/ie top margin ,left margin 0
if i use <BODY TOPMARGIN=0 LEFTMARGIN=0 MARGINHEIGHT=0 MARGINWIDTH=0> tag like this, will this ensure element i put in my html will displayed the same across all browser? the reason i asking this is because, i was told Internet explorer renedering of the page is slightly different .In other words, if i put img tag in a page and rende...
uframe load cross domain page
anyone know any workaround of using uframe to load external uri ? currently when i tried i get access denied on firefox ...
prevent kill frame
instead of asking how to kill frame. i interested to know what technique can be used to prevent an iframe inside a page from been killed by "frame killer" ...
WPF ListView on portable device - extremely slow scrolling
I have a GridView in a ListView contained in a ScrollViewer element. I understand WPF draws only the visible data at runtime, for example on scrolling grids only the visible rows are drawn initially - my problem is that I don't have as much power as on the desktop on a portable device I am developing for, so my WPF ListView - which scr...
Defensive programming against malicious attacks
The company that I work for is redeveloping an in-house product for external use. The product will initially be developed in C# using WPF, then ported to Silverlight. One of the focus points is coding against malicious attacks e.g. SQL injection etc. Questions: Can anyone recommend URLs pointing to articles on security 'best practic...
Whats the error in this python code?
What do i do to solve it? Terminal output is: abhi@abhi-desktop:~/Desktop/sslstrip-0.1$ python sslstrip.py --listen=3130 Traceback (most recent call last): File "sslstrip.py", line 254, in main(sys.argv[1:]) File "sslstrip.py", line 246, in main server = ThreadingHTTPServer(('', listenPort), StripProxy) File "/usr/lib/p...
How to make my software safer from using without purchasing?
Consider I have created software and want to make that soft to be activated via internet if it is being purchased (more precisely, if a license has been purchased). What is the contemporary way of making software safe from using without purchasing a license (from hacking)? How the software and license database should interact to make a r...
Allow Javascript - protect against XSS? (unique scenario)
I'm in the process of building an application (a CMS to be more specific) which allows users to add Javascript to their content. There really is no way around allowing Javascript, and because of it, some security concerns are now becoming quite apparent. What we're mainly concerned about is cookie theft. To explain the system a bit more...