andrewpetukhov.blogspot.com

Pondering over...

Building a benchmark for SQL injection scanners. Friday, August 19, 2011. Building a benchmark for SQL injection scanners. In the last couple of years we have seen a lot of emerging projects aiming at web application vulnerability analysis automation. That's right, I mean security scanners. Just to name a few: w3af. I like to group security scanners according to their feature sets: General purpose vs special-purpose (testing for SQLi or XSS only); Detection only vs detection exploitation. Do you provide...

http://andrewpetukhov.blogspot.com/

TRAFFIC RANK FOR ANDREWPETUKHOV.BLOGSPOT.COM

Today's rating: >1,000,000
Best month: October
Highest traffic on: Friday

CUSTOMER REVIEWS

Average Rating: 4.0 out of 5 with 16 reviews
5 star: 7
4 star: 6
3 star: 1
2 star: 0
1 star: 2

LOAD TIME

1.2 seconds

CONTENT

SCORE

6.2

PAGE TITLE
Pondering over... | andrewpetukhov.blogspot.com Reviews
KEYWORDS
1 pondering over
2 visitor counter
3 blog archive
4 August
5 July
6 June
7 April
8 February
9 January
10 March
KEYWORDS ON PAGE
pondering over, visitor counter, blog archive, August, July, June, April, February, January, March, about box, view profile, intro, skipfish, grendel scan, arachni, wapiti, secubat, sqlmap, hexjector, sqlix, and many more, our goal, http body;, out of band channels, classes
SERVER
GSE
CONTENT-TYPE
utf-8

INTERNAL PAGES

1

Pondering over...: The 1st SysSec Workshop

http://andrewpetukhov.blogspot.com/2011/06/1st-syssec-workshop.html

The 1st SysSec Workshop. Thursday, June 2, 2011. The 1st SysSec Workshop. Our paper "Detecting Insufficient Access Control in Web Applications" was accepted for the First SysSec Workshop. This work is a follow-up research based on the OWASP Access Control Rules Tester project, which was initiated during the OWASP Summer of Code 2008. If any of you guys happen to attend DIMVA'11 at Amsterdam, I'd be very glad to meet for a beer :). Posted by Andrew Petukhov.

2

Pondering over...: January 2011

http://andrewpetukhov.blogspot.com/2011_01_01_archive.html

Web application scanner comparison efforts. Deutsche Post Security Cup. Sunday, January 23, 2011. Web application scanner comparison efforts. It's been three months since we started a project, which aims at benchmarking SQLI scanners. Although our project is far from the finish, I've decided to share articles and postings by other researchers who had undertaken similar efforts. Publications are sorted in order of appearance. Published in October 2006. IBM) and by Jeff Forristal. Published in May 2010.

3

Pondering over...: ruCTF'2011 Quals

http://andrewpetukhov.blogspot.com/2011/02/ructf2011-quals.html

Sunday, February 27, 2011. Well, our CTF team Bushwhackers took the first place in the ruCTF'2011 Qualification game. I'd like to congratulate all the team members on this victory. Wishing the same luck in the Final. I'd also like to thank the organization team for their efforts. Here's some evidence of our team at work: Posted by Andrew Petukhov.

4

Pondering over...: April 2010

http://andrewpetukhov.blogspot.com/2010_04_01_archive.html

Limitations of taint propagation vulnerability mod. Vulnerability models in web applications. Bushwhackers won bronze at RusCrypto CTF! Tuesday, April 20, 2010. Limitations of taint propagation vulnerability model. In the previous post. Let us start from the taint analysis vulnerability model. Here is the vulnerability definition used in the model. 1 All data originating from web application users is untrusted. To track this data most analyzers associate a special "taint" mark with it. 4 Untrusted data...

5

Pondering over...: Detecting Insufficient Access Control in Web Applications

http://andrewpetukhov.blogspot.com/2011/07/detecting-insufficient-access-control.html

Detecting Insufficient Access Control in Web Appli. Monday, July 25, 2011. Detecting Insufficient Access Control in Web Applications. Two weeks ago we attended the 1st SysSec Workshop at Amsterdam. We presented there our paper entitled "Detecting Insufficient Access Control in Web Applications". We were surprised to see so many people at the workshop (as far as I'm concerned this workshop received a larger audience than DIMVA itself! Who had made this event happen. It can be downloaded here.

TOTAL PAGES IN THIS WEBSITE

19

LINKS TO THIS WEBSITE

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: Detecting abnormal executable files using binary code mining

http://antoxar.blogspot.com/2013/02/detecting-abnormal-executable-les-using.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Thursday, February 7, 2013. Detecting abnormal executable files using binary code mining. Rechkov. Lomonosov Report. PS Please don't shy to add comments and ideas! Subscribe to: Post Comments (Atom). Detecting abnormal executable files using binary co. Exploring and exploiting Lenovo firmware secrets. What does this command? Black box and fault injection at Black Hat Trainings. VNSECURITY TEAM (Vietnam Internet Security Research Team).

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: January 2015

http://antoxar.blogspot.com/2015_01_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Monday, January 5, 2015. Using WPP to trace usermode apps. I've created sample app here. To don't forget howto include WPP into system service. For more details in Russian blog post is on habrahabr. Subscribe to: Posts (Atom). Using WPP to trace usermode apps. Exploring and exploiting Lenovo firmware secrets. What does this command? Black box and fault injection at Black Hat Trainings. Tor – Identifying malicious exit relays.

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: July 2013

http://antoxar.blogspot.com/2013_07_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Monday, July 22, 2013. UFOCTF WriteUP: Mmmm, Whiskey metal. PS I already get a few tips:. Key is SHA256 or decoded string. My brother always make "Burp" and likes tea. Here you can find a dump. https://docs.google.com/file/d/0Bw72cstp5cGsMVlDSlBJU05fdVE. Here is a short how to. First you should find "Burp" log string in the memory dump. There is a two ways here. Using DebugView. Or just using search in WinDbg. Take a look inside. Buildin...

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: March 2011

http://antoxar.blogspot.com/2011_03_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Friday, March 18, 2011. Lets show you decision of T4 RusCrypto task from Ufologists. We were given an access to the box on which key container was running. It was uploaded not long ago by third party developer. Container search ended with BSOD with help of antirootkit and antiviruse. Analyze the dump and find the key in root of OS. We know for sure that flag contains only latin symbols. download file. Ok Let's see all drivers in system.

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: Write up Mailgw ICTF2011

http://antoxar.blogspot.com/2011/12/write-up-mailgw-ictf2011.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Saturday, December 3, 2011. Write up Mailgw ICTF2011. It was best CTF, which I ever played. Thanks to organisers very much. I'm in TU Berlin write know and I played with ENOFLAG team. In this topic I will describe mailgw service. Lets analyse it with IDA. Analysis of server application should starts from accept function. ERROR: accept on socket failed: %s n. LABEL 34 ;. ERROR: fork failed: %s n. LABEL 34 ;. Manage tcp client (. Q - quit;.

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: February 2013

http://antoxar.blogspot.com/2013_02_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Thursday, February 7, 2013. Detecting abnormal executable files using binary code mining. Rechkov. Lomonosov Report. PS Please don't shy to add comments and ideas! Subscribe to: Posts (Atom). Detecting abnormal executable files using binary co. Exploring and exploiting Lenovo firmware secrets. What does this command? Black box and fault injection at Black Hat Trainings. VNSECURITY TEAM (Vietnam Internet Security Research Team).

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: December 2011

http://antoxar.blogspot.com/2011_12_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Saturday, December 3, 2011. Write up Mailgw ICTF2011. It was best CTF, which I ever played. Thanks to organisers very much. I'm in TU Berlin write know and I played with ENOFLAG team. In this topic I will describe mailgw service. Lets analyse it with IDA. Analysis of server application should starts from accept function. ERROR: accept on socket failed: %s n. LABEL 34 ;. ERROR: fork failed: %s n. LABEL 34 ;. Manage tcp client (. Q - quit;.

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: UFOCTF WriteUP: Mmmm, Whiskey metal

http://antoxar.blogspot.com/2013/07/ufoctf-writeup-mmmm-whiskey-metal.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Monday, July 22, 2013. UFOCTF WriteUP: Mmmm, Whiskey metal. PS I already get a few tips:. Key is SHA256 or decoded string. My brother always make "Burp" and likes tea. Here you can find a dump. https://docs.google.com/file/d/0Bw72cstp5cGsMVlDSlBJU05fdVE. Here is a short how to. First you should find "Burp" log string in the memory dump. There is a two ways here. Using DebugView. Or just using search in WinDbg. Take a look inside. Buildin...

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: Using WPP to trace usermode apps

http://antoxar.blogspot.com/2015/01/using-wpp-to-trace-usermode-apps.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Monday, January 5, 2015. Using WPP to trace usermode apps. I've created sample app here. To don't forget howto include WPP into system service. For more details in Russian blog post is on habrahabr. Subscribe to: Post Comments (Atom). Using WPP to trace usermode apps. Exploring and exploiting Lenovo firmware secrets. What does this command? Black box and fault injection at Black Hat Trainings. Tor – Identifying malicious exit relays.

antoxar.blogspot.com antoxar.blogspot.com

Details are still coming in: June 2011

http://antoxar.blogspot.com/2011_06_01_archive.html

Details are still coming in. IDA, windbg tips. CTF tasks and so on. Thursday, June 2, 2011. Unpacked bootmgr x86 part. First 5 sections is correct. Other segments are wrong. But anymore IDA can associate it with pdb. This version is check Win 7 Sp0. You also can find free version or asking me. Also there are small differences after ms-advisory-2506014-x64. Subscribe to: Posts (Atom). Unpacked bootmgr x86 part. Exploring and exploiting Lenovo firmware secrets. What does this command?

TOTAL LINKS TO THIS WEBSITE

26

OTHER SITES

andrewpetterson.com andrewpetterson.com

Andrew Petterson | Composer

andrewpettinger.com andrewpettinger.com

Andrew Pettinger

andrewpettit.com andrewpettit.com

Andrew Pettit

Press & Testimonials. Press & Testimonials. Welcome to Andrew Pettit’s official website. Press & Testimonials. 2015 Andrew Pettit - WordPress Theme by Kadence Themes. Website created by DragonWebTech.

andrewpettit.net andrewpettit.net

Andrew Pettit

Present Person making Future Apps. As a digital product and project manager, I collaborate with brands and artists to build engaging experiences for fans. Message me with your questions about creating and marketing mobile apps. Comedy Central iOS App. With 1 million downloads in its first 3 months, the Comedy Central App is a continuous full episode experience for iOS that brings fans their favorite shows the morning after they air (and sometimes sooner). This is all of Comedy Central on demand and in...

andrewpetty.com andrewpetty.com

www.andrewpetty.com

This site is under construction. Why am I seeing this page? Are you the owner of this domain? How to replace this page. Try these searches related to www.andrewpetty.com:. Andrew Petty Civil Engineer. Find Personal Injury Lawyers. Personal Injury Law Offices. Danville Personal Injury Attorney. Top Personal Injury Lawyers. Personal Injury Claim Lawyer. Richard Petty Driving Experience. Richard Petty Driving School.

andrewpetz.com andrewpetz.com

Andrew Petz

Hello, my name is Andrew Petz. I write code, play games, read books, and occasionally watch movies. This is my homepage. Please feel free to navigate using the button in the top left. More, more lipsum! Huge thank you to all people who publish. Their photos at Unsplash. Lorem ipsum dolor sit amet, consectetur adipisicing elit. Neque doloribus enim vitae nam cupiditate eius at explicabo eaque facere iste. Have a question for me? Feel free to email me, or drop me a line on Twitter!

andrewpeuler.com andrewpeuler.com

Andrew Peuler

andrewpewter.com andrewpewter.com

Home boy page | Andrew Pewter

First day at school. VW transporter T4 EF03 HVZ. VW Transporter T5 Sportline.

andrewpeycha.com andrewpeycha.com

Andrew Peycha | Modern Painter

Available Pieces and Shows. Mixed Media on Board. Through the crossovers of styles and drawing I was taking to those places, I began to think and examine these beautiful places through disassembling, reconstructing and rapid completion. What are the rights and the works within the landscape and how may I assemble it with what I know as an artist? How may I use a select part of the negative or the flaws that are so often present? New Body of Work. 84 x 40 Mixed Media on Board. 84 x 40 Mixed Media on Board.