10 in 8 Thanks to BruCON 5x5
Tues 26th Feb 13
During BruCON 2012 the organisers announced a very generous competition: they had collected €25,000 and were going to offer it in €5k chunks to five lucky hackers. The condition was you had to submit a proposal saying why you needed the cash. You can read more about it on the BruCON Blog. I'm very pleased to say that I was one of the chosen hackers, so I want to document what I'm going to do with my share of the cash.
As anyone who has browsed my site knows, I've released a lot of tools and blog posts over the last few years and, barring a few token gestures here and there, it has all been done on my own time and from my own pocket. As I currently work as a freelance security tester/researcher, the time I spend on projects or writing articles is time I could be spending on paid client work. This was the spark of the idea for my submission. I'm going to take my €5k and hire myself to do some projects. I decided to break it down into a simple €500 per project which gives 10 projects. Not massive projects or tools, just nice little ones that I can spend a couple of days on.
Seeing as BruCON is in September, 8 months away, I'm going to try to get at least one project a month out between now and then. I also offered to present the tools at the 2013 event which should be interesting, talk about ten tools in under sixty minutes.
I've got some ideas for tools but thought I'd also open it up to the community to see what you need creating. I'm looking for tools or research that can be done in around a day to two days, so small, simple things, like twofi or the File Disclosure Browser.
To aid people in submitting ideas I've created a Google Form for people to use. You can submit any level of detail and you can do it anonymously if you want.
I'll be posting the projects on the site as I release them and I'll also add a link here as well as a way to tie all the sponsored tools together.
So, thanks BruCON, I will endeavour to put your money to good use.
Tools
- Pipal Goes Modular - Lots of updates to Pipal have been made possible, the main one being the addition of the modular architecture
- Building a lab with ModSecurity and DVWA - A guide to setting up a test lab with ModSecurity and DVWA
- OWASP ZAP and Web Sockets - Part one of my introduction to WebSockets, a general introduction to ZAP and WebSockets
- Fuzzing WebSockets with ZAP - Part two of my introduction to WebSockets, this one focuses on fuzzing
- SocketToMe - A WebSocket based application for learning to test WebSocket based applications
- ivMeta - Extracting metadata from iPhone videos
- Passpat - Finding keyboard patterns in passwords
- Pat to Pass - Mapping keyboard patterns back to passwords
- Spidering SpiderOak - Finding shared data in the SpiderOak system
- Tracker Tracking - Linking sites together based on their Google Analytics tag