Malerisch.net - Homepage
01/10/2008 - I will be speaking at Kiwicon about negative SEO. Don't miss this talk if you love playing with search engines ;-) .
28/05/2008 - This presentation was given at "Hack In The Bush" internal training and that's an analysis of one of the latest russian web-based botnet packages. download
30/04/2008 - Last OWASP NZ meeting was great and we talked about Flash exploits and web spam techniques. I thought I could make an article out of it and it is available here. The web spam techniques presentation can be downloaded from the owasp web site or from here.
29/04/2008 - SugarCRM Community Edition is vulnerable to local file contents disclosure. This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. more
27/04/2008 - Using IE? Then be aware of txt files. In fact, IE treats txt files as HTML. Consequently it is possible to have JavaScript executed by IE for text files. more
08/04/2008 - I am currently researching on this topic. Here is an interview I had with Risky Business (IT Security Podcast) about. For more information, there is also an article on ZDNet Asia.
28/02/2008 - In the last Owasp NZ meeting (21st February), we talked about Xpath and we covered some Xpath Injection techniques. The presentation can be downloaded from the owasp web site or from here. Lab links: csv txt