http://www.penetrationtests.com/blog A penetration tester's sequence of words for the community Mon, 14 Jul 2008 21:28:16 +0000 http://backend.userland.com/rss092 en I have mentioned the tool in my previous post but the tool deserves an entire dedicated post! If you were looking for a tool to count source code lines, here's a nice one. Take a look at CLOC (http://cloc.sourceforge.net/), an excerpt from its website: "cloc counts blank lines, comment lines, and ... http://www.penetrationtests.com/blog/2008/07/14/cloc-count-lines-of-code/ If you were ever involved in the process of scoping out a source code audit project, you have probably run into the situation where you have to figure out how to count the code. There are several things involved: What tool are you going to use to count it? Should the tool ... http://www.penetrationtests.com/blog/2008/07/14/counting-lines-of-source-code/ Sebastian Muñiz also known as "topo" who worked hard on creating the first public IOS Rookit, which among several things is platform independent, has now created a blog named "Ret2Libc - REVERSE ENGINEERING AND RELATED" He mentions a document disclosed by CISCO in response to his presentation on IOS rootkits (the ... http://www.penetrationtests.com/blog/2008/06/06/cisco-ios-rookits-are-da-bomb/ I was looking for resources on how to test personal firewall solutions which are so frequent these days. Here are some of the things I found which may come in handy to someone looking 4 the same thing. History and Advances in Windows Shellcode (The part for: Uploading file with debug.exe ... http://www.penetrationtests.com/blog/2008/06/04/testing-a-personal-firewall-solution-a-couple-of-resources/ I went crazy yesterday looking for a tool that would easily let me remove every single e-mail from my Gmail account. I really find it hard to believe that even though I get the "E-mails deleted" message, they are not being kept somewhere for some agency's convenience. Nonetheless, I wanted ... http://www.penetrationtests.com/blog/2008/05/29/mass-deleting-your-e-mails-from-gmail/ I've been looking around certain Gmail topics, including how to wipe out everything from your Inbox (I will talk about that in my next post) and one of the things I was interested in was 'security'. If you are a gmail user and you are a firefox user, then consider taking ... http://www.penetrationtests.com/blog/2008/05/29/gmail-security-well-at-least-start-with-customizegoogle/ This is meant for replacing your own watermarks, not for the purpose of stealing someone else's content! But using imagemagick (http://www.imagemagick.org) you can easily replace a portion of the image (*.jpg in this case) with the portion that goes on top, your new logo for instance (litte.gif in this case): @echo off for ... http://www.penetrationtests.com/blog/2008/05/25/quick-shellscript-for-replacing-a-watermark/ I just retrieved this from Ed Skoudis's presentation that I just mentioned in my previous post (look it up!) Windows' shell scripting is really in the dark, at least for me. I'm constantly looking for new ways of creating smart batch scripts and it really gets to be a pain in ... http://www.penetrationtests.com/blog/2008/05/25/windows-shell-for-loop-example-read-file-run-cmd-dump-output/ I'm watching the following Webcast by Ed Skoudis which was hosted by Core Security Technologies: Penetration Testing Ninjitsu Part II: Crouching Netcat, Hidden Vulnerabilities with Ed Skoudis at CORE Security Ed talks about the importance of being aware of your ISP filtering policies at the time of conducting a pentest, which sounds ... http://www.penetrationtests.com/blog/2008/05/25/interesting-webcast-by-ed-skoudis/ The tool has a free version and takes care of wiping a significant amount of information anytime it runs. You can configure it to run everytime Windows starts (it would be nice if the action triggered everytime Windows shut down as well) It currently cleans the following:   Internet Explorer Temporary files, URL history, ... http://www.penetrationtests.com/blog/2008/05/14/i-came-across-this-wiping-tool-for-windows-ccleaner/