Hello, I'm updating my website. Nothing is here yet. Published advisories can usually be found here. Public Metasploit Framework modules are generally found in git. For work engagements, try OSI Security. For the 2600 Australia chapter, go to 2600.org.au. Get the Android App. Donations of money and equipment to the Australian Computer Museum Society. Test your anti-malware software at WICAR. Also see the source code. Convert binary to a book and back? Bin2Words.rb on github. Good for preventing MD5 file identification and deletion on cloud storage etc. Work in progress: Business Basics Australia app. Android game (development in progress): github later. Contact: patrick at aushack dot com twitter.com/aushack facebook.com/aushack skype:aushack linkedin:http://www.linkedin.com/in/patrickwebster. Retired projects: * Robanukah was a search engine which scanned URLs for the /robots.txt file and stored all the "disallow" entries. It was great for finding hidden administration interfaces, internal company documents, passwords and other goodies. Today, you can just ask Google for something like "disallow:" inurl:/robots.txt filetype:txt XLS instead (for XLS spreadsheet). * OpenPath.rb was a ruby script for Microsoft Windows systems which would enumerate the registry for services which run as LocalSystem, which use unquoted paths. Unquoted paths can be abused to gain SYSTEM access / privesc. It also tested files where the path was correctly quoted, but the file itself had incorrect NTFS permissions which allows write access. In which case, an attacker could simply copy the executable, overwrite it with a malicious payload, start the service, then after privesc, reinstating the original executable.