Sunday, August 31, 2014

Things I Learned From DEFCON

Pentoo - Linux distro for pen testing.
VMware Fusion - Most of the presenters were using a MacBook with VMware Fusion managing their VMs.
Chinavasion - One of the presentations mentioned this in the context of DealExtreme; I'm assuming this site is similar.
Kali Linux - Another distro for pen testing.
OpenBTS
sqlmap (SQL injection) - Python tool used to tell if PHP pages were vulnerable to SQL injection.
C99 shell - PHP interface for shell-level system functions.
b374k shell - Another shell which allows a user to run file system, database, and shell commands from a web interface.
Acunetix (XSS)
Business logic flaws in mobile operators
Doskey /history - Will show you all the previous commands typed into command prompt.
MariaDB - When Oracle took over MySQL, it was forked, and MariaDB is still run by the previous developers.
Firefox iMacros - A presenter said he uses this for all of his bots.
Burp Repeater - Looks similar to Fiddler, allows repeating HTTP packets. Maybe only for Mac.
Fritzing
Groupie and GeoCouch (CouchDB) - This was used in combination with the Unity engine to display clusters of map points in a video game.
Steganography - The word for hiding data inside of other files. A presenter showed how histograms could be used.
Femtocells - A personal cell tower. One of the presentations talked about how to use a femtocell to intercept text messages to a Verizon (CDMA) phone.
Shark - Has something to do with Hadoop, good for storing large amounts of data.
SuperTimeline

Wednesday, August 27, 2014

Alembic Cheat Sheet - Python/SQLAlchemy

alembic revision --autogenerate -m "<your message>"
alembic upgrade head

Problem: FAILED: Target database is not up to date.
Solution: alembic upgrade head

Problem: No such revision '5000106def16'
Solution: 
  1. sqlite3 db.sqlite3
  2. drop table alembic_version; (and exit, ctrl+d)
  3. alembic upgrade head

Failed to fetch http://security.ubuntu.com

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/quantal-security/main/binary-amd64/Packages  404  Not Found [IP: 91.189.91.14 80]

This is happening because you're on an unsupported/old version of Ubuntu.

One way to fix it:
  1. nano /etc/apt/sources.list
  2. Change all entries referring to http://archive.ubuntu.com/ubuntu to http://old-releases.ubuntu.com/ubuntu
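
The same edit as a script, added here as an example and not part of the original post: it rewrites only active deb/deb-src lines and keeps a backup. Going beyond step 2, it also matches security.ubuntu.com (the host in the error above) and country mirrors such as us.archive.ubuntu.com; the function names and the sample file are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): repoint an end-of-life Ubuntu
# release at old-releases.ubuntu.com without touching commented-out lines.

# rewrite_sources FILE: rewrite FILE, keeping the original as FILE.bak.
rewrite_sources() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    # Only active deb/deb-src lines are changed. The host alternation covers
    # archive.ubuntu.com, two-letter country mirrors (us.archive.ubuntu.com)
    # and security.ubuntu.com; the last two go beyond the post's step 2.
    sed -E 's#^([[:space:]]*deb(-src)?[[:space:]].*://)(([a-z]{2}\.)?archive|security)\.ubuntu\.com/#\1old-releases.ubuntu.com/#' \
        "$file.bak" > "$file"
}

# stale_entries FILE: print how many active lines still use the retired hosts.
stale_entries() {
    grep -cE '^[[:space:]]*deb(-src)?[[:space:]].*://(([a-z]{2}\.)?archive|security)\.ubuntu\.com/' "$1" || true
}

# Constructed sample of a quantal-era sources.list (not a real capture).
sample_sources() {
    cat <<'EOF'
deb http://archive.ubuntu.com/ubuntu quantal main restricted
deb-src http://us.archive.ubuntu.com/ubuntu quantal universe
deb http://security.ubuntu.com/ubuntu quantal-security main
# deb http://archive.ubuntu.com/ubuntu quantal-backports main
deb http://ppa.launchpad.net/example/ppa/ubuntu quantal main
EOF
}

# Demo on a temporary copy, so the real /etc/apt/sources.list is untouched.
demo() {
    tmp=$(mktemp) || return 1
    sample_sources > "$tmp"
    rewrite_sources "$tmp" && cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

To apply it for real, run rewrite_sources /etc/apt/sources.list as root, then apt-get update.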

Thursday, August 21, 2014

Best Python Tricks

https://gist.github.com/JeffPaine/6213790

Most of the examples involve making your code much faster by using iterators instead of creating copies of the data. Example: xrange

Here's the video: https://www.youtube.com/watch?v=OSGv2VnC0go

CSS Selectors - ~ + >

http://css-tricks.com/child-and-sibling-selectors/

That's an excellent article describing what angle brackets, plus signs, and tildes do in CSS selectors. The illustrations make it especially clear.

Wednesday, August 6, 2014