Category Archives: Uncategorized

Testing your Cisco ASA appliance for vulnerabilities with Nmap

Finally finished some scripts that I have been working on for a while. Should have had them completed long ago but was not able to get to it until tonight. The scripts make use of the new Cisco AnyConnect library that was part of the commit and test for the (almost) recent vulnerabilities outlined in this Cisco advisory. The easiest way to test the scripts is to run the SVN version of Nmap. For those that don’t feel comfortable with that the scripts and library may be found here:

Metasploit password capturing modules

I recently finished writing three Metasploit modules for capturing passwords for VNC, SQL Server and DB2 (and other DRDA based databases). Being new to the Metasploit project (from a development perspective), Ruby and Git I can honestly say it was a challenge. I probably spent more time understanding Git and Ruby than implementing the actual network services. Having contributed a lot of “client” scripts to the Nmap project I decided it was time to implement some server components and the Metasploit project seemed to be a good option. All in all, it was a fun project and the review process went very smoothly and the modules were merged quickly.

Continue reading

Inspect it is hiring

My employer (Inspect it) is hiring in Stockholm (Sweden). Inspect it is looking for people that currently work with IT- and information-security or have a strong desire to do so. Applicants should have experience within one or more of the following areas:

– Penetration- and Application-security testing
– Application & System security reviews
– Incident response and IT-forensics
– Security training

If your interested or have any questions contact me directly or send an e-mail to jobs[at]inspectit[dot]se