Finally finished some scripts that I have been working on for a while. Should have had them completed long ago but was not able to get to it until tonight. The scripts make use of the new Cisco AnyConnect library that was part of the commit and test for the (almost) recent vulnerabilities outlined in this Cisco advisory. The easiest way to test the scripts is to run the SVN version of Nmap. For those that don’t feel comfortable with that the scripts and library may be found here:
I recently finished writing three Metasploit modules for capturing passwords for VNC, SQL Server and DB2 (and other DRDA based databases). Being new to the Metasploit project (from a development perspective), Ruby and Git I can honestly say it was a challenge. I probably spent more time understanding Git and Ruby than implementing the actual network services. Having contributed a lot of “client” scripts to the Nmap project I decided it was time to implement some server components and the Metasploit project seemed to be a good option. All in all, it was a fun project and the review process went very smoothly and the modules were merged quickly.
Nmap 5.50 is out, make sure to check it out. It contains a lot of new NSE stuff, including support for broadcast, pre- and post-rules and most of the scripts I, and many others, have created during the last year. For more information check out the official post http://seclists.org/nmap-hackers/2011/0
I’ve got an e-mail from someone who had trouble with my old rdesktop password guessing patch. So, I took a new look at it and updated it to do more than just dump core 😉
It’s available for download from the rdesktop page.
My employer (Inspect it) is hiring in Stockholm (Sweden). Inspect it is looking for people that currently work with IT- and information-security or have a strong desire to do so. Applicants should have experience within one or more of the following areas:
– Penetration- and Application-security testing
– Application & System security reviews
– Incident response and IT-forensics
– Security training
If your interested or have any questions contact me directly or send an e-mail to jobs[at]inspectit[dot]se