Author: Paul Ooi

  • Hula Leh! Tired today

    Weather is good
    Today, everybody feels sleepy, is it because of the rain? Nice weather to sleep on the bed. My housemate is sick, hope he slept well 😉 and I also hope I am not to sleep on the bed.. Work is tiring.

    Blogger no freedom?

    Have you read the news in the newspapers lately? A few bloggers have been charged due to racist content on the internet. Now… it's unsafe to blog anymore, why? Maybe I may get sued by TMNut someday because I kutuk them all the time and change their net to nuts logo. But I have no fear, because your service really SUCKS. Back to the freedom of bloggers, does that mean a NO BLOGGER FREEDOM sign is popping up now? Anyway, I'm gonna blog less and concentrate on my teacher – Chan Boon Heng's website.

    New Wireless Router
    I got a new Netgear wireless (b,g) router today. Now my place has better coverage, in my room as well. Before that I was using a D-Link (wifi-b); the signal wasn't that strong, and another housemate was complaining that his room got no signal. But I think now the signal reaches his room.

    So Monday is gone, Tuesday then Friday.. Time passes.. Very Fast!


    Tweety Bird took picture: That botak is no longer botak anymore


    Tweety Bird took picture: Hey, this pic is good proof to our boss that we are not jumping, WE ARE WORKING. But the person holding the camera leh?? 😛


    New wireless router, cool huh? 🙂


    It rocks!


    I like to look at the night view from my room before I sleep…

  • Haze is back?

    Haze is back? I can't see KL Tower in the morning. I went to visit the Malaysia Department of Environment website; no update for today's API.


    Usual view

  • A website, for my beloved teacher

    Today is the 4th day since my teacher passed away. Every night I dream of the unforgettable moments in primary school. He was a good teacher.

    I want to dedicate the website www.chanboonheng.com to him. Everyone is welcome to write a poem or article for him. I hope all his students, friends and teachers will always remember him. Whenever you think of him, you can visit the website and leave him a message.

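  • How will my descendants survive?

    Lately I have been reading the news about my teacher's fatal fall, and even now I find it very hard to accept. The more I read, the angrier I get; the more I read, the more "fed up" I get.

    My alma mater had already asked the government at the beginning of the year for funds for repairs, but got no response from the government. What exactly is the education department doing? Or is it because it is a Chinese school? Keat Hwa, whether the Chinese primary school or the high school, is one of the top schools in Alor Setar, and it has always survived only thanks to the help of the Chinese community. Now that someone has died, RM50,000 is allocated for repairs; so does anything only get done after a life has been sacrificed?

    "We" are told here by "them" that we came to "their" place, and a minister even told "us" in Parliament to leave. For a minister to say such a thing, is it to provoke "our" public anger, or to voice what "they" feel? Then I wonder: how will my descendants survive on this land of "theirs"?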

  • Hack In The Box Training

    For some reason, I can't attend Hack In The Box Tech Training I – Web Application – Attack and Defence. I am selling my seat to anyone who is interested, at the price of RM1800.

    For those who are interested, please contact me at 012 454 6360 or email paul [at] takizo.com

    What will Web Application – Attack and Defence cover?

    Introduction to web applications
    1. Components of a web application
    2. Basics of web technologies and protocol information
    3. Evolution of technologies and impact on security
    4. Understanding other basic web security-related concepts
    5. Learning tools like netcat, achilles etc. to understand its usage and application. (Hands on for the group)

    Web Hacking – Areas of attack

    Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks.

    1. Cross-site scripting attacks
    2. SQL Query Injection
    3. Session Hijacking
    4. Buffer Overflows
    5. Java Decompilation
    6. HTTP brute forcing
    7. Trojan Horses and Malware products
    8. Form Manipulation, Query Poisoning
    9. Input Validation, Parameter Tampering
    10. Authentication
    11. Information leakage
    12. File operations
    13. Client-side manipulations
    14. Cryptography
    15. Error/Exception handling

    Attack and Defense strategies
    1. Impact of attacks
    2. Risk analysis
    3. Countermeasures
    4. Defense strategies and methods

    Assessment Methodology and Defending Applications
    1. Footprinting and Discovery
    2. Reconnaissance – Profiling a web application
    3. Black-box and White-box testing
    4. Exploiting vulnerabilities
    5. Defending applications
    6. Secure coding strategies

    Web Services Assessment
    1. Footprinting
    2. Discovery
    3. Technology Identification
    4. Attack vector for web services
    5. Defense methods
    6. Toolkit – wsChess (http://www.net-square.com/wschess): play around and learn more from the author of the toolkit.

    Hands-on: The training programme will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.

    For more information, check out the Hack In The Box website.