Recent News

WebSlayer at OWASP

The project WebSlayer is officialy in the OWASP site, from now on it will be the place where you can find updated information on the project.

Also I will be talking in the OWASP Europe Summit 2008, the next week in Portugal, were i will be presenting the WebSlayer project. If you want to discuss or have any idea to improve WebSlayer, please join me.

OWASP WebSlayer site

by Christian Martorella on 07/07/2008
eCrime lecture NEW!!
Last September 26th there was a new edition of the FIST Conferences in Barcelona, where I participated with a talk about eCrime. I really enjoied the conference, it was the first time I did a talk before almost 100 people! but it was really very funny. Unfortunatelly our camera decided to run out of battery just before the talks, so no images are available :(

Anyway, I think the talk was really successful. However, it is very visual and I don´t know if it is understandable without the talk. Also the original format was Keynote and the resulting pdf is not that nice, but I hope you enjoy the talk here . Please feel free to contact with me for any comment or suggestion.

by Vicente Diaz on 05/10/2008
VAPWN - Web Application Visualization
Some time ago, we were working on a web application analyzer tool focused on the structure of the web application. We have a alpha version with a crawler and a proxy working. This is a proof of concept of visualization techniques in the security field: Vapwn

by laramies on 07/07/2008
Proxystrike new release NEW!!
A new version of ProxyStrike is available, new features has been added. Now it can Intercept and repeat requests, response diffing, load and save session, and many more.
ProxyStrike

by laramies on 02/07/2008
RedIris Web Application Conference - Presentation NEW!!
The presentation given at Rediris Web Application Conference is available here:
Presentations

by laramies on 28/03/2008
RedIris Web Application Conference - Barcelona NEW!!
Edge-Security will be giving a talk, at the Rediris VI Security Forum, this time is oriented to Web Applications Security. Our talk is entitled "Common vulnerabilities", we will talk about the "Usual suspects" in Webapp security.
Date: 27/03/2008
Link: RedIris IV Forum

by laramies on 20/03/2008
Mailing list - google group! NEW!!
As consecuence of many request for a place to discuss and share information about the tools, we have created a google group! Please join us here.

by laramies on 20/01/2008
Wfuzz update! Version 1.4 released NEW!!
A new version of the application testers swiss knife is available, with new features,improvements, and bug fixes. Please check the Wfuzz Here

by laramies on 20/01/2008
SQL Server backdoor client

Here is a client for the backdoor introduced by Cesar Cerrudo y Esteban Martinez at Blackhat Europe 2007, it is very simple but functional. You can check more info here.

by laramies on 28/10/2007
Multiple updates

Well, we have done some reorganization on the tools section, we will have a individual page for each "big" tool. The metagoofil page is up here. Also the presentation given at the FIST Conferences is available here.

by laramies on 28/10/2007
Wfuzz update! Version 1.3 released

A new version of the application testers swiss knife is available, with new features,improvements, and bug fixes. Please check the Wfuzz Here

by laramies on 18/10/2007
Fist Conference Barcelona

A new conference will be held in Barcelona, on October 26. Edge-Security will speak about Information Gathering. If you want to join us, check Here

by laramies on 18/10/2007
Tool update - Subdomainer

New version of the Subdomainer tool, if you don't use it already please download here. Some bugs were fixed, and a new data source added, PGP servers. Please download Here

by laramies on 16/10/2007
Tool update - Metagoofil

New version of the metadata extrator tool, if you don't use it already please download here. This tools is very useful for gathering potential user names when preparing brute force attacks. Please download Here

by laramies
New blog

Today we are happy to announce the beginning of Security on the edge, a blog were all the Edge-Security members will share experiences, thoughts, information, etc. Please check the first post here.

by laramies
Wfuzz 1.2 update.

Version 1.2 of the wfuzz is available, we tackle some bugs, added multiple FUZZ keywords, now you can bruteforce 2 parameters at the same time (login/password)!!, the encoders and the payloads are redesigned, and the management of request is much better, now it can fuzz a very large dictionary or range. More encoders and dictionaries. Download now here

by laramies
Reversing in MAC: introduction

This is a document with a light introduction to reversing in MAC, specially to essential tools through an example to illustrate it. You can check it here

by trompeti
Metacoretex-ng code

It seems we are having problems to download source code from sourceforge site, so here it is ready to download . Please refer to the metacoretex-ng page for details and news.

by trompeti
Mysql Backdoor analysis

This time Vicente bring us a brief analysis about the possibilities of developing a Mysql Database backdoor, like the ones developed by Argeniss for SQL 2005 and Oracle. Please download here Documents.

by laramies
Wfuzz, the web bruteforcer

A new tool has been released, this time a tool for Web Application assessments. The Wfuzz is a tool for bruteforcing whatever you need in a Web Application, GET and POST parameters, unlinked resources (directories, servlets, scripts), etc.
Please check all the info in this page Wfuzz.
A must have for a pentester. Enjoy and send your feedback!

by laramies
FIST at Fiberparty

This year we collaborate with the FiberParty, holding a FIST Conference inside the Party. The entrance will be free as alway, and Edge-security will give a talk called "All your data are belong to us". If you want more information about FiberParty please follow this Link.

by laramies