If you code in Python and you've never come across psyco before, I would highly recommend checking it out. I integrated basic psyco usage into my SQLBrute tool, and it seems from initial tests to give at least a 10% to 20% speed boost to even my inefficient code.
You don't get something for nothing though - it's a memory hog. Since I haven't tested it too much, and since SQLBrute is a network bound CPU hog at the best of times, I haven't turned it on by default - you can supply the --psyco option to try it out. Enjoy!
Just a quick note - I had some brief correspondence recently with Cedric Cochin, who has written a tool called SQLiX that does some of the same stuff as my SQLBrute tool.
I've had a quick look at the tool, and there is some interesting stuff there - it does a lot of the testing by taking a different approach to what I have done. It's built as a scanner, has a spidering function, and can take an input file for doing scanning (which appears to be a similar format to that produced by IEnterceptor).
I'll be trying this out on some other sample applications to see how this can fit into my toolbox, and to see what I would add or change about the tool. In the meantime, see a sample run of the tool below to see it run against the Acunetix sample vulnerable site.
Just to note that the slide decks from the EuSecWest/core06 conference earlier this year are now available. You can obtain them from the EuSecWest site. My slides are not currently up there, although they should be soon. In the meantime, my slides and examples are available on my site.
You can also refer back to my blogged coverage of Day 1 and Day 2 of the conference on this site. Enjoy!
This is the week when computer security departments worldwide will be short staffed because everyone who could beg, borrow, or steal tickets and time off will be heading to Las Vegas for the Blackhat and Defcon conferences...
Well, that's actually a bit of an exaggeration - after all there are a lot of good conferences these days - often smaller and less intimidating, or less corporate and more focused (such as Shmoocon for example). But in any case, the schedule for Blackhat has a lot of interesting stuff on it, as does the Defcon schedule, and I'll be looking forward to some interesting material being covered. I saw Major Malfunction's mag stripe talk at Uncon 9 - well worth a look in if you want to see some hacking it 0ld sk00l.
Now all I have to do is survive the 10-odd hour flight there from London...