- Free Online Information Security Training By Offensive Security – offensive-security.com
A free version of the online course, Metasploit Unleashed – Mastering the Framework.
- The Top Cyber Security Risks – sans.org
Two risks dwarf all others, but organizations fail to mitigate them
- SecurityTube – hackaday.com
This is the YouTube for hacks and security-related videos.
- Research Presentation from EnergySec – digitalbond.com
A presentation about control system security research and tools
- Penetration Testing and Vulnerability Analysis – pentest.cryptocity.net/blog/
A blog about the pentesting course at NYU:Poly
- Origami v1.0.0 Beta0 – security-labs.org
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents.
- PDFRessurect v0.8 – 757labs.com
This tool attempts to extract all previous versions while also producing a summary of changes between versions.
- Wireshark 1.2.2, 1.0.9 and 1.3.0 Released – wireshark.org
The update contains numerous fixes.
- BinScope Binary Analyzer – microsoft.com
BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level.
- MiniFuzz File Fuzzer – microsoft.com
MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people.
- Nessus 4.0.2 Released – tenablesecurity.com
This release includes several fixes and support for the latest operating systems from Microsoft and Apple.
- RFIDIOt v0.z – rfidiot.org
RFIDIOt is an open source python library for exploring RFID devices.
- John the Ripper v18.104.22.168 – net-security.org
Its primary purpose is to detect weak Unix passwords
- BeEF v0.4 – bindshell.net
This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time.
- MSSQLScan 0.8.4 – cqure.net
A small multi-threaded tool that scans for Microsoft SQL Servers.
- In the wild Flash exploit analysis – part 2 – zscaler.com
In this post, we will see how the shellcode functions and how it downloads malicious binaries to an infected system.
- Scanning Web Applications That Require Authentication – tenablesecurity.com
Nessus can be configured with the appropriate credentials for these authentication schemes as they relate to web application testing.
- TOTW: Port Redirection (nc, socat, ssh, fpipe, cryptcat) – itsecops.blogspot.com
This Tool/Technique Of The Week (TOTW) covers port redirection using different tools.
- Building a Java Applet with Meterpreter Payload – spl0it.wordpress.com
A talk about building an Applet that executes cmd.exe.
- BeEF: XSS Vuln To Hack In Less Than 20 Characters – darkreading.com
BeEF is a fantastic tool for getting across to developers and Web admins the seriousness of vulnerabilities like cross-site scripting (XSS).
- Access token stealing on Windows – rootkit.com
In Windows versions prior to Windows Vista there were no integrity checks on these fields, therefore it was possible to add and remove SIDs.
- SMB2 exploit released to the wild
Yesterday a well known security company added a remote SMB2 exploit module for their exploitation product.
- White hats release exploit for critical Windows vuln – theregister.co.uk
- Microsoft Confirms SMB2 Flaw, Heightens Severity – threatpost.com
- Update on the SMB vulnerability situation – technet.com
- Microsoft ships one-click ‘workaround’ for critical SMB2 flaw – zdnet.com
The fix-it package effectively disables SMBv2 and then stops and starts the Server service.
- Cisco drops patches for serious IOS vulnerabilities – zdnet.com
This batch of patches, which covers vulnerabilities in the way Cisco IOS processes SIP, NTP, IKE, IP and H.323 tunnels.
- NYT Site Hit by Adjackers
The ad delivery system of the New York Times website was injected with some malicious code
- Android app “tests” Windows vulnerability – hackaday.com
An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released.
- Safety first for IT executives in China – crn.com.au
US Government recommends weighing laptop before and after each visit.
- DHS to review report on vulnerability in West Coast power grid – computerworld.com
The aim of the research was to study potential weak spots on the West Coast grid.
- Misdirected spyware infects Ohio hospital – cio.com.au
Information on 62 patients was exposed after spyware was allegedly sent via Yahoo mail.
- PBS.org hacked, serving malware cocktail – zdnet.com
- Why virus writers are turning to open source – cnet.com
Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.
- A Security Update: Flash Drives – navy.mil
Authorized users and only DoD-approved, DoD-purchased thumb drives and other USB devices will be allowed.
- Inside the Password-Stealing Business – avertlabs.com
With so many financial transactions occurring online today, stealing passwords is an irresistible attraction for cybercriminals.
- NSW seeks to build unhackable netbook network – itnews.com.au
At the physical layer, each netbook is password-protected and embedded with tracking software at the BIOS level of the machine.
- Cyber Crooks Target Public & Private Schools – washingtonpost.com
On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District initiated a batch of bogus transfers out of the school’s payroll account.