My final year university dissertation was on the topic of Static Code Analysis, specifically the integration of IDEs (Integrated Development Environments) with Static Code Analysis. The idea was to make Static Code Analysis accessible to the developer, without them having to install and use additional specialist Static Code Analysis software.
Due to my familiarity with PHP and its lack of interpreter taint analysis, I decided that I would write a PHP Static Code Analysis application. The PHP Static Code Analysis tool I developed is called DevBug; it is an online PHP Static Code Analysis tool written mostly in JavaScript (jQuery). The Static Code Analysis engine uses the sources, securing functions and sinks data from the awesome RIPS Static Code Analysis tool to identify specific PHP functions that can cause or remediate vulnerabilities arising from user input. DevBug uses Taint Analysis to identify tainted variables, follows the tainted variables through the code, untaints the variables if they are secured and finally detects whether or not tainted variables end up in sensitive sinks.
The IDE used is CodeMirror, which provides a code editing area, syntax highlighting, line numbering and an API. CodeMirror was slightly modified to detect deprecated PHP functions and highlight them.
Back in the late nineties, around 1999, my mother bought me my first computer. Around this time The Matrix movie was released, which, as a young boy with a new computer, had me Yahoo’ing (Google was largely unknown) for the term ‘hacking’. Back then Yahoo! Chat was still around and had a chat room called the ‘Hackers Lounge’; everyone in there was talking about all sorts of cool things you could do with computers that I had never heard of before. With hindsight, most of the people in the chat room were script kiddies who knew how to run a few Windows GUI ‘hacking’ tools and were largely acting like they were the kings of the Internet. At the time I wanted to learn about all of the cool things they knew. I started downloading and learning how to use these ‘hacking’ tools on my guinea pig friends and family (my siblings soon grew tired of me remotely opening and closing their CD-ROM drives).
Some of these tools are still actively developed and used today, and are invaluable to conducting modern Penetration Testing and security audits. For the sake of nostalgia, I present to you some of the coolest, most 1337 ‘hacking’ tools that I and others used ‘back in the day’. Warning: Download links not verified.
Legion by Rhino9

Use: Windows Null Session share scanner.

Released: 1999

Platform: Windows

Further Info: http://www.informit.com/articles/article.aspx?p=26263&seqNum=5

Download: http://packetstormsecurity.org/files/14711/legion.zip.html
A colleague tweeted a link to a blog post by WhiteHat Security about the X-Frame-Options HTTP header. I had heard of X-Frame-Options before and knew what it did but didn’t really know how it was used, so I decided to investigate further.
X-Frame-Options is an HTTP response header that tells the browser whether the page it accompanies may be loaded inside <frame> or <iframe> HTML tags, and by whom. The header is an extra layer of security that a web application can implement to attempt to mitigate clickjacking (UI redressing).
The X-Frame-Options header may have three different values:
DENY – No pages are allowed to be loaded.

SAMEORIGIN – Only pages from the same domain are allowed to be loaded.

Allow-From http://www.example.com – Only allow frames from www.example.com.
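As an added illustration (not code from the original post), a small Python checker that interprets the three values above the way a browser would and flags responses that leave a page framable by a third party; the sample response headers and the origins used are constructed, and header names are assumed to be in canonical case.

```python
from urllib.parse import urlsplit

# Constructed sample response headers (not captured from any real site).
SAMPLE_RESPONSES = {
    "login page": {"X-Frame-Options": "DENY"},
    "dashboard": {"X-Frame-Options": "SAMEORIGIN"},
    "widget": {"X-Frame-Options": "ALLOW-FROM http://www.example.com"},
    "legacy page": {},                                # header missing
    "typo page": {"X-Frame-Options": "DENNY"},        # unrecognised value
}


def parse_xfo(value):
    """Return (directive, allowed_origin) for an X-Frame-Options value.

    Directive is "DENY", "SAMEORIGIN" or "ALLOW-FROM", or None when the
    header is absent or not something a browser would recognise.
    """
    if value is None:
        return None, None
    parts = value.strip().split(None, 1)
    if not parts:
        return None, None
    directive = parts[0].upper()
    if directive in ("DENY", "SAMEORIGIN") and len(parts) == 1:
        return directive, None
    if directive == "ALLOW-FROM" and len(parts) == 2:
        u = urlsplit(parts[1].strip())
        if u.scheme and u.netloc:
            return "ALLOW-FROM", f"{u.scheme}://{u.netloc}".lower()
    return None, None


def framing_allowed(headers, page_origin, framer_origin):
    """Decide whether a page served with `headers` may be framed by `framer_origin`.

    A missing or unparseable header imposes no restriction at all, which is
    the weak case a header review should flag.
    """
    directive, allowed = parse_xfo(headers.get("X-Frame-Options"))
    if directive == "DENY":
        return False
    if directive == "SAMEORIGIN":
        return page_origin.lower() == framer_origin.lower()
    if directive == "ALLOW-FROM":
        return framer_origin.lower() == allowed
    return True


def audit(responses, page_origin="https://app.example.org"):
    """Name the responses that an arbitrary third-party origin could frame."""
    third_party = "https://other.example.net"  # constructed unrelated origin
    return sorted(name for name, hdrs in responses.items()
                  if framing_allowed(hdrs, page_origin, third_party))
```

Running `audit(SAMPLE_RESPONSES)` reports only the responses with a missing or misspelled header, since those are the ones a browser will not restrict. Current browsers no longer honour ALLOW-FROM and use the Content-Security-Policy frame-ancestors directive for per-origin allow lists instead.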
This is a recent piece I did for the BBC Inside Out program that originally aired on February 6th. In the video I demonstrate a wireless Man In The Middle (MITM) attack in a coffee shop using a FON+ wireless router, Karma and Jasager. Oh, and they’re the ones who call me an ‘expert’; personally, I hate the term and would never call myself one.
I am tired of receiving multiple telemarketing calls per day, I’m tired of the Telephone Preference Service (TPS) not having an effect and I’m tired of telecommunication companies charging for prevention features which should be free.
I came across an e-petition that was set up by Rob Whitelock; it is not perfect in its recommendations but certainly puts the general point across.
e-petitions is an easy way for you to influence government policy in the UK. You can create an e-petition about anything that the government is responsible for and if it gets at least 100,000 signatures, it will be eligible for debate in the House of Commons.
You can help by signing the petition here:

http://epetitions.direct.gov.uk/petitions/17324