w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
w3af is a great (and getting better) framework that I just decided to start contributing to. I want to get as much attention to these guys as possible as it has allot of potential to be a very impressive tool.
Hopefully I can set some time aside to actually start throwing some code at em and if you know python and have an interest in web application security, lend a hand! Its a great group of guys (and girls?) working on an exciting tool.
No Comments »
Gregory Piñero has release Exe_Dump_Utility, a web enabled wrapper for pefile. pefile is obviously more powerful and robust, but its still very cool and worth looking at.
No Comments »
Before I get into this post, I should give you a little background into what I do day-to-day. In a typical week I will do a large range of work mainly it revolves around reverse engineering, exploit development, vulnerability analysis, penetration testing, etc. The nature of my (and many other researchers in my shoes) work can create a very diversified work load each having different requirements and environments. With that in mind, for me, python is my language of choice. I have yet to hit a limitation with python that I haven’t been able to figure out a solution for.
This past weekend I was talking to an acquaintance of mine regarding reverse engineering, exploit and tool development, and similar subjects. It was an interesting talk until I told him that 99% of the time I am using python for everything with the other 1% being ASM (shellcode). That statement alone flipped a nice conversation into me getting told that I was wrong, that I must be an idiot because it was not possible to use a language such as python for what we were talking about. He then followed that up by basically saying python was ’stupid’ and a waste of time. There are a few things that piss me off and 2 of them are people telling me I am an idiot and people bashing python. After I finished explaining to him how wrong he was, I got the idea to write this post and hopefully enlighten someone to the joy python can be when reverse engineering.
(more…)
No Comments »
Entries (RSS)