Webantix - Evolution of Security

SANS SEC660 (GXPN) Buffer Overflow for your Brain

Well I know I am not the best at blogging these days, but with the move to Australia to run the Threat & Vulnerability Management team for PwC in Melbourne and the complete rebuild of upSploit you can imagine that this blog has not been the top of my priority.

I wanted to write a review on a course that I took last November with SANS in Sydney. I was offered a training budget and after a lot of research I chose SANS SEC660 Bootcamp that teaches Advanced Penetration Testing, Exploit Writing, and Ethical Hacking. Now I thought with all my years testing I was on the upper end of the testers knowledge. If you are sitting there knowing how to exploit the usual MS08-067, Tomcat, Jboss etc better than you know how to groom yourself this is the course for you.

Read More

Webshot: Screenshot every web server during your pen test

During an internal pen test you can find a large number of internal web servers. Some of these servers are running on some weird and wonderful ports and are hidden away. Without having to manually visit each and every web page to find that low hanging fruit I have built a bash script to go off and do this automagically for you.

All you need is your Nessus scan exported as an NBE file. Once you have this file you can use webshot.sh to collect all of the web servers found during your nessus scan. To download this new script please find it at https://github.com/webantix/webshot. Once you have used it and have some feedback just let me know in the comments below or on the issues log on github.

Read More

Sonicwall netExtender on ubuntu x64 missing libssl or libcrypto

Wow, over a year since my last post. Work has been crazy and personal life is even worse. If any of you are wondering where i have been hiding head over to upSploit.

Well I have just rebuilt my laptop to Xubuntu 11.10 as I could not stand the Unity on Ubuntu and decided to use 64bit OS now too. Don't worry with the Xubuntu bit this fix should work for any of the Ubuntu family.

Read More

Penetration Testing for Business Reasons

Now during my time as a Penetration Tester I have learnt that these days pen testing is not for the IT department it should be for the whole business. A quote from CISSP for dummies (stop laughing) says "Executives seem to understand This will cost us $3 million better than This will cause an unspecified loss at an undetermined future date".

Read More

upSploit - Public Beta Release

upSploit is a new and free Advisory Management Solution. The aim is for upSploit to become a service/framework that security researchers can depend on when disclosing vulnerabilities to vendors. After 5 months of development we are now ready to unleash to the world the Public Beta. This version is fully functional and automated to allow for speedy fixes to all the security holes that are out in the world to be found.
Read More