Practical Reflected File Download and JSONP

This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD]. It's a very interesting attack which has the potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html While reading through the white …

Adding agentless Windows WMI monitoring to Nagios

There are a couple of well-documented methods to monitor Windows machines from Nagios. The most popular of these seems to be NRPE. This method works very well, but the biggest downside for me was the need to install a client on every machine that needed to be monitored. WMI seemed to be the best …