Monthly Archives: April 2010

Finding Social Security Numbers in packet captures with grep and ngrep

Posted by Nathan Drier

I’ve been spending a lot of time lately working with packet captures.  I’ve been stringing together a long list of silly one-liners to make a very rough pcap vulnerability scanner of sorts.  This is one of those one-liners. One of the main things I first hunt for in network traffic is sensitive data leaving the network.  Depending on the client, this could range anywhere from Social Security Numbers to Player Tracking Numbers on gaming networks.  I usually use grep and …

Converting Lots of PDFs to TXTs in Ubuntu/Debian

Posted by David Bailey

For those of you who are struggling to find a way to convert PDF files into TXT files, here is a quick bash script. There are many alternatives out there, but none were reliable for me. You’ll need to have acroread and ghostscript installed for this to work.

    #!/bin/bash
    # Create output directories for the intermediate PostScript and final text
    mkdir -p ps txt
    for f in *.pdf
    do
        echo "Processing $f"
        # Convert the PDF to PostScript in ps/
        acroread -toPostScript "$f" ps/
        g=$(basename "$f" .pdf)
        # Extract the text from the PostScript file
        ps2txt "ps/$g.ps" > "txt/$g.txt"
    done

You can also change the second to …

Guidelines for Securing Personally Identifiable Information (PII) Data

Posted by John Reno in Main

Customers in industry segments from financial services to healthcare have struggled to protect personally identifiable information. Now the National Institute of Standards and Technology has released guidelines to help manage the process of securing PII data. Special Publication 800-122, titled “Guide to Protecting the Confidentiality of Personally Identifiable Information”, helps customers to identify, classify and provide appropriate levels of protection for PII data. The document suggests a risk-based approach where resources and controls are focused on the most critical …

Keeping Current with Skipfish

Posted by The Shell Shakespear

This post discusses a tool to automatically check and keep a local copy of skipfish up-to-date.

Netsparker Community Edition – “The Sparkler”

Posted by jhaddix

Believe me when I say that we’ve used a lot of tools. We love scripts, we love things that free up our time to do the real analysis on a web application assessment. We have used w3af, nikto, Grendel Scan, etc, etc… We are really happy to see a new tool we have used in its pro version incarnation: Netsparker. Netsparker announced today that it is releasing a community edition, lacking only a few features of the pro version. We …

Healthcare IT – Key Security Areas to Get Right

Posted by John Reno in Main

According to datalossDB.org, over 110 healthcare organizations have reported the loss of sensitive PHI and/or PII data affecting 5,306,000 people since January 1998. Over 40 percent of the losses were related to theft of laptops, tapes or other media. Another 27 percent were the result of loss or negligence by staff or third parties. Malicious insiders were responsible for 20 percent and 9 percent were related to external attacks, with the remaining 2% unknown. Given that the problem is …