Tom's corner of the internet

10 posts tagged with security

Counting Pizza with Python

28 July, 2016 - Under:

I’m a full time nerd, even when I’m ordering pizza online I can’t stop myself from investigating how the websites I’m ordering from work. My…

Segfaulting Python with afl-fuzz

06 March, 2016 - Under:

American Fuzzy Lop is both a really cool tool for fuzzing programs and an adorable breed of bunny . In this post I’m going to show you…

HP Support Solutions Framework Security Issue

11 April, 2015 - Under:

After discovering the flaw in Dell’s System Detect software I looked into other similar software for issues. This post details two issues…

Dell System Detect RCE vulnerability

23 March, 2015 - Under:

I recently discovered a serious flaw with Dell System Detect that allowed an attacker to trigger the program to download and execute an…

Exploiting XPath injection vulnerabilities with XCat

25 July, 2014 - Under:

I just released XCat 0.7 , the companion tool to this paper . XCat is a command line tool to automate the exploitation of Blind XPath…

Hack things, acquire clothing.

22 November, 2013 - Under:

I discovered an XSS flaw in a website a month ago and reported it to the owners. As a thank you they sent me a hat, a rather large american…

Purchasing a £30,000 numberplate for the price of a bus ticket

07 October, 2013 - Under:

Regtransfers.co.uk is a website that allows you to purchase customized numberplates for your car or motorbike. They boast a large number of…

Breaking out of secured Python environments

25 September, 2013 - Under:

A week or so ago I was browsing /r/Python and I saw a link to a website called rise4fun.com , which is a Microsoft Research project that…

Inspecting .NET applications with ILSpy

19 September, 2013 - Under:

Every once in a while I come across an application that is so comically insecure that I feel the urge to blog about it. The application in…

More holes than swiss cheese

11 April, 2013 - Under:

tl;dr Never trust user input. Note: Before I published this I contacted the owner of the site and he has since replaced it with a new and…