Malerisch.net - Homepage - 
sed v0.2
25/11/2008 - search engine de-optimisation tool update. more download
opera stored cross site scripting
22/10/2008 - Opera browser is vulnerable to stored Cross Site Scripting. A malicious attacker is able to inject arbitrary browser content through the websites visited with the Opera. more
sed v0.1
28/09/2008 - search engine de-optimisation tool released. more download
Ruxcon 2008
12/09/2008 - I will also speaking at Ruxcon about negative SEO. Don't miss this talk if you can't make it at Kiwicon! ;-) .
browser security
07/09/2008 - I have done some research in the area of browser security and presented this argument at the last OWASP NZ meeting. The presentation can be downloaded from the OWASP web site or from here.
Kiwicon 2008
01/09/2008 - I will be speaking at Kiwicon about negative SEO. Don't miss this talk if you love playing with search engines ;-) .
Black Energy 1.8 web-based botnet package analysis
28/05/2008 - This presentation was given at "Hack In The Bush" internal training and that's an analysis of one of the latest russian web-based botnet packages. download
Web Spam Techniques
30/04/2008 - Last OWASP NZ meeting was great and we talked about Flash exploits and web spam techniques. I thought I could make an article out of it and it is available here. The web spam techniques presentation can be downloaded from the owasp web site or from here.
sugarcrm local file disclosure
29/04/2008 - SugarCRM Community Edition is vulnerable to local file contents disclosure. This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. more
IE and content-type text
27/04/2008 - Using IE? Then be aware of txt files. In fact, IE treats txt files as HTML. Consequently it is possible to have JavaScript executed by IE for text files. more
negative SEO
08/04/2008 - I am currently researching on this topic. Here is an interview I had with Risky Business (IT Security Podcast) about. For more information, there is also an article on ZDNet Asia.
xpath injection
28/02/2008 - In the last Owasp NZ meeting (21st February), we talked about Xpath and we covered some Xpath Injection techniques. The presentation can be downloaded from the owasp web site or from here. Lab links: csv txt