welcome to rfp.labs

libwhisker 2.4 released

libwhisker 2.4 was released in 3/2007. details

rfpolicy, responsible disclosure

rfpolicy v2 is still alive and well at http://www.wiretrip.net/rfp/policy.html. For related historical reasons, I have also archived a copy of the (now defunct) IETF responsible disclosure draft (note: I did not participate or contribute to the draft).

libwhisker

The libwhisker Perl library is a multi-purpose HTTP utility and client library meant to be light-weight and extremely portable. It is still under active maintenance. Please see the libwhisker page for more details.

whisker

The whisker web scanner has long been deprecated; please use Nikto instead. The whisker anti-ids tactics whitepaper is still archived here for historical and reference purposes.

security advisories

RFP9901 NT ODBC Remote Compromise
RFP9902 RDS/IIS 4.0 Vulnerability
RFP9903 AeDebug Vulnerability
RFP9904 TeamTrack webserver vulnerability
RFP9905 Zeus webserver (search) vulnerability
RFP9906 NT 4 services.exe DoS (RFPoison)
RFP9907 RDS followup
RFP2K01 "How I hacked PacketStorm"
RFP2K02 "Netscape engineers are weenies!"
RFP2K03 Contemplations on dvwssr.dll
RFP2K04 Mining BlackICE with RFPickAxe
RFP2K05 NetProwler vs. RFProwler
RFP2101 RFPlutonium to fuel your PHP-Nuke
RFP2201 MS Site Server Evilness

misc papers, documents, and articles

cold fusion sample scripts
Phrack 54: NT Web Technology Vulnerabilities
Phrack 55: Perl CGI problems
el8.org advisory (rfparalyze)
evolution.txt