Re: [Full-disclosure] Reversing Embedded Firmware

Did you look at this? http://bitsum.com/firmware_mod_kit.htm I had played with this a while back, for extracting the HTTP Console files of a router. Works well! Thanks, Atul Agarwal Secfence Technologies http://www.secfence.com http://blog.secfence.com @secfence https://twitter.com/secfence

Re: [Full-disclosure] Facebook vuln.

, Atul Agarwal Secfence Technologies http://www.secfence.com On Mon, May 23, 2011 at 12:16 AM, ichib0d crane themadichi...@gmail.comwrote: Turns outnot so much :P https://www.facebook.com/connect/connect_to_node_error.php?body=%3Cscript%3Ealert%28String.fromCharCode%2888,%2083,%2083%29%29

Re: [Full-disclosure] ITSEC vendor presentation for dummies

Lol.. nice presentation! BTW, I could not fail to notice in the vendor logos slide, that you have included HBGary's logo without any modifications.. Any special reasons? Thanks, Atul Agarwal Secfence Technologies www.secfence.com On Fri, Apr 8, 2011 at 2:30 AM, Z z...@wechall.net wrote

Re: [Full-disclosure] Facebook CSRF and XSS vulnerabilities | Destructive worms on a social network

Just finished watching the videos, and I have to admit that they were quite nicely done. Very interesting demonstration of the facebook flaws. Many vulns nicely chained to create the worms. Thanks, Atul Agarwal Secfence Technologies www.secfence.com 2010/10/4 John JEAN j...@wargan.com

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

IMHO, I think its rather useless. Instead of it executing wab.exe (Windows Address Book) and open the file test.vcf, one can directly get any .exe file open. If one Thanks, Atul Agarwal Secfence Technologies www.secfence.com On Fri, Aug 27, 2010 at 1:23 AM, matt m...@attackvector.org wrote

[Full-disclosure] Facebook name extraction based on email/wrong password + POC

handy in a Pentest. Rest is only left up to one's imagination. Find the POC script attached. PS: I did not report this, as I am unsure on what to call it, a bug, vuln or a feature. Thanks, Atul Agarwal Secfence Technologies www.secfence.com attachment: fbextract.php

[Full-disclosure] Facebook name extraction based on email/wrong password + POC

handy in a Pentest. Rest is only left up to one's imagination. Find the POC script attached. PS: I did not report this, as I am unsure on what to call it, a bug, vuln or a feature. Thanks, Atul Agarwal Secfence Technologies www.secfence.com attachment: fbextract.php

Re: [Full-disclosure] Facebook name extraction based on email/wrong password + POC

Never encountered that, nevertheless excellent find! Would check it and would incorporate that in the script! Thanks, Atul Agarwal Secfence Technologies www.secfence.com On Wed, Aug 11, 2010 at 7:41 PM, Kevin Connolly bugt...@gmail.com wrote: It gets better. If you enter an e-mail address

Re: [Full-disclosure] GMail complete anonymity possible via IPv6

intentions could have the complete contact list using any of the freely available contact importer script (http://svetlozar.net/page/Import-Gmail-Addresses.html should work fine), and the victim wont have a clue. Thanks, Atul Agarwal Secfence Technologies www.secfence.com On Wed, Aug 4, 2010 at 3:39