Friday, October 31, 2008

A usefull trick used at our customers

Everybody in IT knows it CLI is your friend :)

A little trick used at our customers to get a CLI with sufficient rights is:

runas /user:username@domain /netonly cmd

This gives you your little box executed with the rights of that user in that domain.

Friday, October 24, 2008


The 23th of October I went to a OWASP meeting. If you're thinking about going to one, don't hesitate it is worth your time.

The first talk was "Building a tool for Security consultants: A story of a customized source code scanner" by Dinis Cruz. Even when you are not immediately going to audit code, it is worth to go and listen to Dinis. Although I just program for me, I still like to do it secure and the ideas I picked up are surely going to help me doing so.

The second talk was "Logging: not just a good idea" by Eddy Vanlerberghe. I didn't know what to expect from this talk and it wasn't the greatest presentation ever but it was ok. The fact is that we have to think about our logs, the way we store them and do the exercise to correlate logs of different systems to present as proof in a court of law. It is not so easy since you have to prove that your logs are genuine before you can use them and then there is the correlation.

If you're intrested in OWASP presentations you can go to the website there you can find up to 40 hours of presentations.

Wednesday, October 22, 2008

Doing some research


It has been a while since my last post but i have been busy. I've found a SQL injection vulnerabilty in a product and I am researching it. It is quite a major problem when you inject it returns login, password, server.

I will post more details later but now I have to contact the vendor.