Purehacking - purehacking.com
Latest News:
Securing the Switching Layer 4 Jul 2013 | 05:06 am
By Rob Dartnell. When talking security throughout the OSI model's layers, the most prevalent in most people's minds would be the network layer and above. Having a source and destination IP address and...
ModSecurity SVM Bypass Charity Challenge 2 Jun 2013 | 07:09 pm
I am happy to announce the ModSecurity SVM Bypass Charity Challenge. This is a SQL Injection, XSS and Path Traversal Filter Evasion Challenge. Similar to the Trustwave ModSecurity SQLi Challenge, I se...
Ethical Hacking Unveiled 7 May 2013 | 09:16 am
The term ‘ethical hacker’ is often misrepresented as the keywords "ethical" and "hacking" are an oxymoron. A hacker is defined as an unlawful individual breaking into systems and obtaining private dat...
Fight PCI trolls by trolling them back 5 Apr 2013 | 08:51 am
I recently had to go in to bat for a client who was told by their PCI auditor that they would fail PCI and as a result have to notify all their clients that they were not PCI compliant. The reason th...
Hacking in the Year 2030 4 Mar 2013 | 11:57 am
If you are anything like me, when you hear "Hacking in the Year 2030" you immediately visualize hacking robot armies and UFOs to take them down with lazers and ultrasonic USB attachments via your Play...
My light bulb moment 19 Feb 2013 | 05:43 am
Holidays are a great time for reflecting. Over the break, I’ve been revisiting my motivations for starting the Pure Hacking business more than a decade ago.
A case for centralising and correlating event and log data 31 Jan 2013 | 06:28 am
What's happening to my systems? It's a question that I'm sure many fellow IT people out there have been faced with. Whether you're on ground zero doing systems administration and a server dies or won...
Introduction to Hash DoS Attacks 3 Jan 2012 | 11:16 pm
Someone asked me about the Hash DoS attack recently disclosed at CCC, so I thought I would give a high level explanation of it here in case it benefits others as well. Hash tables are often used in pr...
Virtual Patching Session Fixation 2 Dec 2011 | 05:50 am
On a recent engagement we gained unrestricted administrative access to a certain proprietary web application by exploiting a Session Fixation flaw. According to the WASC Threat Classification v2, Sess...
Speeding Up Lua Script Execution in ModSecurity 16 Nov 2011 | 06:01 am
Often when implementing customised ModSecurity solutions we need to extend the built-in functionality via Lua scripting. One of the disadvantages to this approach is the added latency penalty paid for...