Blog

May
19
Speeding Up Lua Script Execution in ModSecurity
Written By Josh Zlatin

    Often when implementing customised ModSecurity solutions we need to extend the built-in functionality via Lua scripting. One of the disadvantages to this approach is the added latency penalty paid for not using the native rules language. When web site performance is critical for business continuity, every additional millesecond counts. The current trunk code fixes a long-standing limitation where ModSecurity needed to create a new VM for each request, which added latency every time a Lua script was executed.

0 Comments
| 3,227 Hits
Read More
Lua, ModSecurity, purewaf, security
May
07
Ethical Hacking Unveiled
Written By Richard Brown

The term ‘ethical hacker’ is often misrepresented as the keywords "ethical" and "hacking" are an oxymoron. A hacker is defined as an unlawful individual breaking into systems and obtaining private data without explicit authorisation. Society in general has a perception of a hacker as a person wearing a hoodie and hiding in a dark basement.
 

0 Comments
| 351 Hits
Read More
ethical, hacker, hackers, hacking
Apr
05
Fight PCI trolls by trolling them back
Written By Gordon Maddern

I recently had to go in to bat for a client who was told by their PCI auditor that they would fail PCI and as a result have to notify all their clients that they were not PCI compliant.  The reason they failed was because the ASV scanner picked up an F5 internal IP address disclosure vulnerability that their scanning engine Nessus picked up.

0 Comments
| 484 Hits
Read More
CVSS score, PCI, PCI compliance, vulnerability scanning
Mar
04
Hacking in the Year 2030
Written By Ty Miller

 
If you are anything like me, when you hear "Hacking in the Year 2030" you immediately visualize hacking robot armies and UFOs to take them down with lazers and ultrasonic USB attachments via your PlayStation 10 using only changes in pupil dilation to read mental instructions of what hacking tools to launch.
 
Well this technology may very well be around in 2030, but unfortunately most of you are more likely to still be exploiting Cross Site Scripting (XSS) vulnerabilities in the web interface of the killer robots.

3 Comments
| 2,321 Hits
Read More
0 day, 0day, hacking, mobile, penetration testing, security, zero day
Feb
19
My light bulb moment
Written By Rob McAdam

Holidays are a great time for reflecting. Over the break, I’ve been revisiting my motivations for starting the Pure Hacking business more than a decade ago.

0 Comments
| 532 Hits
Read More
Celebrating 10 years in business

Most Popular List

Skype 0day vulnerabilitiy d...
06/05/2011 | Written By Gordon Maddern | 62,397 Hits
About a month ago I was chatting on skype to a colleague about a payload for...
Remove Lost iPhone Backup P...
15/10/2011 | Written By Ty Miller | 17,634 Hits
Lets say that at some point you decided to adhere to security best practices...
Building dependable enterpr...
28/06/2011 | Written By Sandeep Nain | 15,477 Hits
Coming from a family of civil engineers, I always knew that it is a rigorous...
Skype Bug Full Disclosure
24/05/2011 | Written By Gordon Maddern | 8,509 Hits
Skype has patched and released the fix for the Skype bug we found so we can d...

Most Recent Posts List

Speeding Up Lua Script Exec...
19/05/2013 | Written By Josh Zlatin | 3,227 Hits
Often when implementing customised ModSecurity solutions we need to...
Ethical Hacking Unveiled
07/05/2013 | Written By Richard Brown | 351 Hits
The term ‘ethical hacker’ is often misrepresented as the keywords...
Fight PCI trolls by trollin...
05/04/2013 | Written By Gordon Maddern | 484 Hits
I recently had to go in to bat for a client who was told by their PCI auditor...
Hacking in the Year 2030
04/03/2013 | Written By Ty Miller | 2,321 Hits
  If you are anything like me, when you hear "Hacking in the Year 2...