Comments for cyberwart http://www.cyberwart.com/blog Cyber Warfare Technologies Tue, 06 Jan 2009 04:18:49 +0000 http://wordpress.org/?v=2.6 Comment on Mixing File Types by Sky http://www.cyberwart.com/blog/2008/08/01/mixing-file-types/#comment-1924 Sky Tue, 05 Aug 2008 14:13:19 +0000 http://www.cyberwart.com/blog/?p=43#comment-1924 Prove it. for spaming a site and having very little to say, you do sound pretty stupid. there are security features like Security Settings for AX controls in Word. and the same goes for the HTML pull down, it only allows picture pull downs on trusted or "ok'd" docs.... so if you click ok its your own stupid fault. Prove it. for spaming a site and having very little to say, you do sound pretty stupid. there are security features like Security Settings for AX controls in Word. and the same goes for the HTML pull down, it only allows picture pull downs on trusted or “ok’d” docs…. so if you click ok its your own stupid fault.

]]> Comment on Mixing File Types by Anon H4ck3r http://www.cyberwart.com/blog/2008/08/01/mixing-file-types/#comment-1914 Anon H4ck3r Sat, 02 Aug 2008 12:01:16 +0000 http://www.cyberwart.com/blog/?p=43#comment-1914 AWESOME STUFF thanx so much AWESOME STUFF
thanx so much

]]> Comment on Ripped from the Headlines: Antiforensics by Daniel http://www.cyberwart.com/blog/2007/05/31/ripped-from-the-headlines-antiforensics/#comment-300 Daniel Thu, 11 Oct 2007 13:34:41 +0000 http://www.cyberwart.com/blog/2007/05/31/ripped-from-the-headlines-antiforensics/#comment-300 I couldn't understand some parts of this article Ripped from the Headlines: Antiforensics, but I guess I just need to check some more resources regarding this, because it sounds interesting. I couldn’t understand some parts of this article Ripped from the Headlines: Antiforensics, but I guess I just need to check some more resources regarding this, because it sounds interesting.

]]> Comment on Ripped from Elsewhere: Requirements for Effective Fuzzing by anonymous http://www.cyberwart.com/blog/2007/06/30/ripped-from-elsewhere-requirements-for-effective-fuzzing/#comment-245 anonymous Thu, 30 Aug 2007 22:02:42 +0000 http://www.cyberwart.com/blog/2007/06/30/ripped-from-elsewhere-requirements-for-effective-fuzzing/#comment-245 Actually there is an Ida plugin that will map code coverag. Actually there is an Ida plugin that will map code coverag.

]]> Comment on How Hacking Dies…. to thunderous applause by xs http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-143 xs Mon, 13 Aug 2007 06:11:42 +0000 http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-143 The HEAP talk was "Understanding the HEAP by breaking it". Very good technical paper to read when jacked up on Monster and Penguins. :) I also agree that alot of the scene is move to more of a side channel. People meeting and talking. Same kind of stuff in our crew. Talking about new code, 0-days or just drinking and having fun. We are going to hit shmoo next year and see what it is like. I think alot of people want to work with shmoo, it's just getting them to respond to you and work with ya. Good luck with that. Maybe we can find some sexy girls before next year and get them in our crew so we can go to the hacker pimps and the ninja parties. I have been going to Defcon and BH for fours years and have never been invited. Maybe we lack foo. :) BH and DC seem to be selling out there talk spots to the highest vendor. Just look at who is speaking at BH this year. All of the major speakers were major sponsors to the con. HUMMM.... so DT sold it and then sold out. xs The HEAP talk was “Understanding the HEAP by breaking it”. Very good technical paper to read when jacked up on Monster and Penguins. :)

I also agree that alot of the scene is move to more of a side channel. People meeting and talking. Same kind of stuff in our crew. Talking about new code, 0-days or just drinking and having fun.

We are going to hit shmoo next year and see what it is like. I think alot of people want to work with shmoo, it’s just getting them to respond to you and work with ya. Good luck with that.

Maybe we can find some sexy girls before next year and get them in our crew so we can go to the hacker pimps and the ninja parties. I have been going to Defcon and BH for fours years and have never been invited. Maybe we lack foo. :)

BH and DC seem to be selling out there talk spots to the highest vendor. Just look at who is speaking at BH this year. All of the major speakers were major sponsors to the con. HUMMM…. so DT sold it and then sold out.

xs

]]> Comment on How Hacking Dies…. to thunderous applause by mjw http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-129 mjw Sat, 11 Aug 2007 04:00:20 +0000 http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-129 I thought HD's talk was alright. It's the style of pen-testing that I prefer. Far too many people perform a "vulnerability assessment" and call it a pen test. I think there's an important difference in that a VA is essentially scanning a network for a known vulnerability. It's pretty much just auditing the patch management system. Pen testing, hacking to me, is right on with what HD was talking about. However, as that's what I do all the time the talks seemed rather slow to me (not to mention they took up 2 blocks). Which talk about heap exploiting are you talking about? The one talking about dereferenced pointers? I think the real "scene" is moving to the sidelines of BH/Defcon. I got a nice DoS against the iPhone that I'm still playing with and I talked about a few cool topics with some buddies -- but I just have to wonder what's the point if the best part of the conference is talking with friends? My new goal is to get more involved with the Shmoo group and try to help build up shmoocon. Despite have the same old taste of DC I think it's the best route to having a really meaningful experience. I thought HD’s talk was alright. It’s the style of pen-testing that I prefer. Far too many people perform a “vulnerability assessment” and call it a pen test. I think there’s an important difference in that a VA is essentially scanning a network for a known vulnerability. It’s pretty much just auditing the patch management system. Pen testing, hacking to me, is right on with what HD was talking about. However, as that’s what I do all the time the talks seemed rather slow to me (not to mention they took up 2 blocks).

Which talk about heap exploiting are you talking about? The one talking about dereferenced pointers?

I think the real “scene” is moving to the sidelines of BH/Defcon. I got a nice DoS against the iPhone that I’m still playing with and I talked about a few cool topics with some buddies — but I just have to wonder what’s the point if the best part of the conference is talking with friends?

My new goal is to get more involved with the Shmoo group and try to help build up shmoocon. Despite have the same old taste of DC I think it’s the best route to having a really meaningful experience.

]]> Comment on How Hacking Dies…. to thunderous applause by xs http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-127 xs Fri, 10 Aug 2007 21:00:47 +0000 http://www.cyberwart.com/blog/2007/08/10/how-hacking-dies-to-thunderous-applause/#comment-127 I think day 1 was really good. The HD moore talk, there was a talk on the HEAP which was dry but the content in the paper made up for that. Plus the JS talk (hacking intranet sites from the outside in). Day 2 was very weak. I setup my bluetooth scanner and collect some data for a project I am working on. I don't want to agree because I have really loved BH in the past, but I would say that another year of the sponsors buying there seats and time to speak at BH and the con will be dead. Go back tot he days of allowing more independant speakers to come in with ideas and content. Not some sales pitch on a product that no one in the room can afford. Also, more free open source tools or POC code would be cool. xs I think day 1 was really good. The HD moore talk, there was a talk on the HEAP which was dry but the content in the paper made up for that. Plus the JS talk (hacking intranet sites from the outside in). Day 2 was very weak. I setup my bluetooth scanner and collect some data for a project I am working on.

I don’t want to agree because I have really loved BH in the past, but I would say that another year of the sponsors buying there seats and time to speak at BH and the con will be dead. Go back tot he days of allowing more independant speakers to come in with ideas and content. Not some sales pitch on a product that no one in the room can afford.

Also, more free open source tools or POC code would be cool.

xs

]]> Comment on Dynamic HTTP Callbacks by Mike http://www.cyberwart.com/blog/2007/04/23/dynamic-http-callbacks/#comment-48 Mike Sun, 22 Jul 2007 17:04:32 +0000 http://www.cyberwart.com/blog/2007/04/23/dynamic-http-callbacks/#comment-48 <strong>Mike...</strong> Cool! Its really cool.... Mike…

Cool! Its really cool….

]]> Comment on iPhone hackers disclose vulns and hunt for clues by forum iphone mobile phone http://www.cyberwart.com/blog/2007/07/02/iphone-hackers-disclose-vulns-and-hunt-for-clues/#comment-6 forum iphone mobile phone Wed, 04 Jul 2007 06:00:20 +0000 http://www.cyberwart.com/blog/2007/07/02/iphone-hackers-disclose-vulns-and-hunt-for-clues/#comment-6 <strong>iPhone hackers disclose vulns and hunt for clues...</strong> Great post. Thanks!... iPhone hackers disclose vulns and hunt for clues…

Great post. Thanks!…

]]>