
Monday, June 11, 2007

Reflection on pdp


This week on reflection we have Petko D Petkov (popularly known as pdp). pdp has been active in the webappsec community for some time now. He has written many articles and published many tools. Two of his more popular tools are Attack API and Technika (Firefox extension). He is also a co-author of the book XSS Exploits: Attacks and Defense. Recently he presented on Advanced Web Hacking Revealed at the OWASP AppSec Conference in Italy 2007. In his reflection pdp shares with us how he got started in the webappsec field. In his own words:

“I have always been fascinated by the power of Web but it was around year 2000 when I got into web application security. Other than that, my interests towards IT security have been growing since 1995. Funny enough, it was "Hackers", the movie that sort of inspired me to spend my time on solving interesting problems with my not-so-advanced for that time PC, rather than wasting time on games. Back then, I had 286 MHz "Pravetz", produced in Bulgaria. One of the first projects of mine was a simple calculator that was also password protected. When I finished the project, I also learned how to trick the password protection mechanism by modifying the jumper inside the program binary. That was fun. The Bulgarian underground scene used to be a great resource for me to learn. I started reading an online-zine called Phreadom. I am still looking for the old issues but I guess they are somehow lost forever.

I started hacking from the time I learned how to program. My Dad told me that programming is one of the few professions out there that teaches you about the world in general since programmers try to reflect real world problems into easy to maintain and use software products. That made me start thinking outside the box. I define myself as a life-hacker. I guess this is the reason why I am where I am today. When I came to UK I didn't want to waste time so I did a lot of security related projects. This is when my IT Security career started. I was 18 and I was doing the stuff that I wanted to do all my life.”

Based out of London, UK, pdp is only 22 years old. Below is a list of his contributions to the webappsec community.


Books:-

XSS Attacks: Exploits and Defense
http://www.amazon.com/Cross-Site-Scripting-Attacks-Exploits/dp/1597491543/sr=1-1/qid=1170769149?ie=UTF8&s=books

Articles:-

The Web has Betrayed Us
http://www.gnucitizen.org/blog/the-web-has-betrayed-us

Persistent CSRF and The Hotlink Hell
http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell

Preventing CSRF
http://www.gnucitizen.org/blog/preventing-csrf

Sex, Candies and Bookmarklet Exploits
http://www.gnucitizen.org/blog/sex-candies-and-bookmarklet-exploits

The Machine is Using Us
http://www.gnucitizen.org/blog/the-machine-is-using-us

Playing in Large
http://www.gnucitizen.org/blog/playing-in-large

Universal PDF XSS After Party
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party

Danger Danger Danger
http://www.gnucitizen.org/blog/danger-danger-danger

Web OS
http://www.gnucitizen.org/blog/web-os

Cross-site Request Forgery
http://www.gnucitizen.org/blog/cross-site-request-forgery

The 0XSS Credo
http://www.gnucitizen.org/blog/the-0xss-credo

The Backdooring Series:
http://www.gnucitizen.org/blog/backdooring-images
http://www.gnucitizen.org/blog/backdooring-mp3-files
http://www.gnucitizen.org/blog/backdooring-quicktime-movies
http://www.gnucitizen.org/blog/backdooring-flash-objects-receipt
http://www.gnucitizen.org/blog/backdooring-flash-objects
http://www.gnucitizen.org/blog/backdooring-web-pages

The XSSing the Lan Series:
http://www.gnucitizen.org/blog/xssing-the-lan-4
http://www.gnucitizen.org/blog/xssing-the-lan-3
http://www.gnucitizen.org/blog/xssing-the-lan-2
http://www.gnucitizen.org/blog/xssing-the-lan


Presentation:-

Advanced Web hacking revealed
http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007/Agenda


Tools written by him:-

Some of the tools published by him

JavaScript YPipes Spider
http://www.gnucitizen.org/projects/6th-owasp-conference/spider.htm

JavaScript TinyURL Filesystem
http://www.gnucitizen.org/projects/6th-owasp-conference/tinyfs.htm

Google Hacking Database Interface
http://www.gnucitizen.org/applications/ghdb

JavaScript Port Scanner
http://www.gnucitizen.org/projects/javascript-port-scanner

Greasemonkey Backdoor
http://www.gnucitizen.org/projects/greasecarnaval

Exploit Development Environment for Firefox
http://www.gnucitizen.org/projects/technika

Geo position Zombies on a map
http://www.gnucitizen.org/applications/zombiemap

Attack Framework for controlling zombies
http://www.gnucitizen.org/applications/backframe

Simple JavaScript testing framework
http://www.gnucitizen.org/projects/firetest

Powerful JavaScript based attack library
http://www.gnucitizen.org/projects/attackapi

The Cross-site Scripting database
http://www.gnucitizen.org/applications/xssdb

Powerful and very customizable attack communication channel
http://www.gnucitizen.org/projects/javascript-attack-channel

Set of utilities useful when performing enumeration attacks
http://www.gnucitizen.org/projects/met


Company working for:-

NTA-Monitor


Email:-

pdp__at__gnucitizen_dot_org


Blog:-

gnucitizen.org


Web:-

gnucitizen.org


Companies worked for:-

Freelance


pdp has a vast knowledge of different technologies and frameworks available on the internet. If you are not already following his blog, then I would recommend doing so. He brings up some good points for the webappsec community.

Last Week – Saumil Shah
Next Week – Alex Stamos