Here is my proof-of-concept exploit for the Cisco Security Agent Management st_upload Remote Code Execution Vulnerability (ZDI-11-088) I reported to ZDI a little while back. CVE ID: CVE-2011-0364
I’ve been cleaning old code again and I think it’s been long enough that I can release this now. I used it to extract code that was embedded within the Cisco Security Agent Management Console (CSAMC). Hopefully someone will find …
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is a great (and getting better) framework that …
pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests. I wanted to get this up here in case you haven’t heard …
Gregory Piñero has released Exe_Dump_Utility, a web-enabled wrapper for pefile. pefile is obviously more powerful and robust, but it’s still very cool and worth looking at.