I think it's not so much realism in the literal sense, so much as using proper terminology, "no no, that doesn't even work like that", sort of stuff. Lockpicking and other hardware hacks are never really portrayed realistically either...
Forum: News and Links

Welcome! Enjoy your stay.
Forum: Intro

http://www.pcgamer.com/2013/05/14/watch-dogs-developers-consult-with-internet-security-firm-for-more-realistic-hacking/ I don't know how much cross-over there is for the sla.ckers and gaming, but I thought this was really cool. Any of you consultants lurking?
Forum: News and Links

Hey, to be fair; to the uninitiated, compression IS obfuscation.
Forum: OMG Ponies

About 9 out of every 10 people, make up 90% of the population?
Forum: OMG Ponies

Sorry things are a bit slowly lately! Welcome to the board.
Forum: Intro

You too bud! A merry consumermas to all!
Forum: News and Links

I'm Kyran. Nice to meet you all. ;D
Forum: Intro

Naw that wouldn't work. I got it figured out. I have another problem though. Is there anyway to change/intercept the MIME type of a response with js or something? The response of my csrf is in json and opens up a file download on some browsers.
Forum: CSRF and Session Info

I've got a great CSRF vuln. Can perform basically any action as the user with ease. But I want to automate certain tasks without redirecting the user around or them knowing what actions. After creating an iframe in jscript via the dom, how can I create a form to POST from and submit it? I'm just unsure on how to call the submit in the iframe, from jscript inside the iframe.
Forum: CSRF and Session Info

The idea of tracking down social media oriented hacker organizations has intrigued me ever since places like AnonOps and whatnot have been popping up with regular frequency. Although far from an exact science, mapping social networking data/timings to major events in their communities; much like HBGary folk were working on, seems like it has much potential. Since groups like this usually thrive on
Forum: OMG Ponies

Just stopping in to say, quickly, I stopped using Opera the moment they put Opera Unite into their beta. For those that remember me, kind of a big deal for me to stop. Lol.
Forum: News and Links

rsnake Wrote: ------------------------------------------------------- > You haven't seen URL's with < or > in them before? > Hmmm... you should visit some math sites. ;) > Also, some sides DO allow HTML to be entered into > them, so you would risk breaking those sites as > well if you implemented something like that > globally. But it still might be worth it to ge
Forum: Projects

Do you mean anglebrackets/chevons '<', or parentheses ()? Either way, I think both do have some legitimate uses in the address field. We would need virus heuristics-kinda guys working with the browser devs. It's hard to distinguish between a legit request and XSS. Think about the large amount of attack vectors, encoding differences, etc.
Forum: Projects

Perhaps on the client side it's a good time to start again looking at things like this. With a look at the built-in anti-phishing tools in browsers, it could easily be opt-in as well as only give a warning, instead of blocking the site. Hopefully more people in the browser developer community understand the issues now and will actually care to look at something like this.
Forum: Projects

I have a feeling CUDA will be the solution to breaking these...
Forum: Robots/Spiders/CAPTCHAs, oh my

Long story short, if you're a budding developer, learn it. If you're here to break stuff...well. You don't need to be an engineer to hotwire a car or smash a window. Learn what you need.
Forum: Intro

Nice logo. Haha. Definitely warmer than the CCL.
Forum: Projects

id Wrote: ------------------------------------------------------- > spam I'm more partial to Holiday brand.
Forum: OMG Ponies

"Dood. I'm SO high I'm going to use a Google product." "Whoa. Really? That must be intense shit!"
Forum: Intro

So, who wants to move the sla.ckers board over to a gopher server?
Forum: News and Links

Kyran Wrote: ------------------------------------------------------- > I'm sure the filters won't be updated amazingly > frequently. A siteless xss warhol worm will > probably always be possible. I've been doing alot of work in the past few days. It's definitely possible. Let's leave it at that for now.
Forum: XSS Info

I'm sure the filters won't be updated amazingly frequently. A siteless xss warhol worm will probably always be possible.
Forum: XSS Info

What do you guys think of this? http://www.google.com/chrome So far, it's fast. But very featureless. I haven't tested any security of it yet.
Forum: News and Links

That's the opinion of most of us I believe. Neither by itself will stop XSS and to be honest, both won't either. But it's much better.
Forum: XSS Info

thrill Wrote: ------------------------------------------------------- > P.S. I hope, I did not break any rules of this > forum > > We have rules on this forum? I'm screwed.. ;) > > Welcome aboard! Whoa. Wait. Rules? Fuck. Does that mean I actually have to do something with this mod power? :( Welcome!
Forum: Intro

Hm. Try an AJAX approach? Make an action-less form to cover the real form. end the </form>. Add a fake submit button with an onclick. The function will take the data from the form and submit it with XHR. Then go to a new location.
Forum: Bugs

All of their errors are really generic, maybe something in the profiles, but no obvious reflective vectors.
Forum: XSS Info

I just give them my credit card number. That seems to make them go away....
Forum: News and Links

Well, unfortunately it's a password with a 10 char minimum. Otherwise I would have done so. And I don't have DB access, so I can't get you others to sample from. I fear with my current data it's probably unsolvable.
Forum: OMG Ponies