0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Archive for July 2009

SCHED: Black Hat USA 2009 Briefings & Training: jcran’s schedule

SCHED: Black Hat USA 2009 Briefings & Training: jcran’s schedule


Written by jcran

July 27, 2009 at 2:04 AM

Posted in Uncategorized

gift cards

IMG_0231, originally uploaded by jonathancran.

notice anything conspicuous about those serial #’s?

Written by jcran

July 26, 2009 at 4:28 PM

Posted in Uncategorized

black hat / defcon parties 2009

in the interest of not biting the hand that feeds (or waters…) us, i’ve reduced the list to a simple listing of the available parties on a given night, unless it’s been cleared with the party host. note that most (if not all) of them are private, and you will need to be on the list / know the secret handshake to get in.

tuesday (07/28/2009)

  • Speaker Party

wednesday (07/29/2009)

thursday (07/30/2009)

  • Securosis/Threatpost Disaster Recovery Breakfast
  • Syngress Tweetup
  • Core Security
  • SecurityTwits
  • Microsoft
  • Security B-Sides
  • McAfee
  • NetWitness

friday (07/31/2009)

  • AR

saturday (08/01/2009)

  • I-Hacked / PaulDotCom
  • EdgeOS

shoot me a message @jcran if you’ve got something to add to the list.

Written by jcran

July 18, 2009 at 9:47 PM

Posted in Uncategorized

didn’t get your facebook vanity url?

that’s okay, a vanity phone number will do. google voice now allows you to search for numbers when you sign up. it’s the little things.


and you can find me at: http://www.facebook.com/jonathan.cran. 🙂

Written by jcran

July 18, 2009 at 7:11 PM

Posted in Uncategorized

simply awful

i currently have the worst bio i’ve ever seen. must fix that.

fyi, wordpress has issues:
http://seclists.org/fulldisclosure/2009/Jul/0057.html (thank you, core)

A vulnerability was found in the way that WordPress handles some URL
requests. This results in unprivileged users viewing the content of
plugins configuration pages, and also in some plugins modifying plugin
options and injecting JavaScript code. Arbitrary native code may be run
by a malicious attacker if the blog administrator runs injected
JavaScript code that edits blog PHP code. Many WordPress-powered blogs,
hosted outside ‘wordpress.com’, allow any person to create unprivileged
users called subscribers. Other sensitive username information
disclosures were found in WordPress.

Written by jcran

July 10, 2009 at 4:24 AM

Posted in Uncategorized