• Research for SharePoint (MOSS) –
    This page contains research notes on Microsoft’s SharePoint MOSS and WSS
  • MS SQL – Useful Stored Procedures for SQL Injection and Ports Info –
    The following post lists and describes various useful stored procedures and port information for MS SQL.
  • Portable Executable 101 – a windows executable walkthrough –
    This graphic (PDF, JPG) is a walkthrough of a simple Windows executable that shows its dissected structure and explains how it’s loaded by the operating system.
  • SAP Slapping –
    Dave Hartley delivered his “SAP Slapping” presentation at the CRESTCon and BSides London security conferences recently. The talk provides a high-level overview of common SAP system vulnerabilities and misconfigurations.
  • Scanning the Web with Ammonite –
    Ammonite is a Fiddler extension used to scan web applications for common vulnerabilities like verbose and blind SQL injection, OS commanding, local file inclusion, buffer overflows, format string vulnerabilities etc.
  • Exploiting Windows 2008 –
    Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires gaining local administrator access to a workstation.



  • Android
    • Android Emulator, Trusted CA, and Persistent Storage –
      Android periodically updates its SDK and sometimes when this happens, old methods for importing a Trusted CA, necessary to proxy SSL traffic, will fail and you must find a new solution.
    • Update – Android & SSL Cert –
      Thanks to the comments left by Zach from our last Android post here, it has been brought to my attention there is an easier way to do all of this with the latest AVD (4.0.3).
  • SecurityStreet: Unsupported Browser –
    The purpose of this post is to point out a little-known jewel — the -m flag to meterpreter’s execute command.

Vendor/Software Patches


  • Thousands of Twitter passwords exposed –
    It’s unclear who’s responsible for posting passwords for Twitter accounts to a public Web site. The exact number of accounts is also unclear, as Twitter says many are duplicates and many had already been suspended.

Other News
