Events Related:

Resources:

Tools:

  • XCAMPO – code.google.com/p/xcampo/
    This website will help you generate different payloads for your XSS demos. Use them responsibly on your own website or on those where you are allowed to do so.
  • Plugin Highlight – Web Application Tests : Load Estimation (ID 33817) – tenablesecurity.com
    While troubleshooting this apparent disparity, I came across a useful plugin that helped me see a little of what was going on in the background.
  • SSL Testing Tool ssltest.pl – grey-corner.blogspot.com
    The reverse proxy I was attempting to test was not correctly responding to or closing SSLv2 and TLSv1 sessions, causing a number of the tools that I commonly use to freeze up.
  • Yep, they fixed it. – golubev.com
    Both cores of ATI 5970 work correctly with Catalyst 10.7. Again. It took just 4 months for ATI to fix it, simply awesome.
  • GRAUDIT Version 1.7 Released – justanotherhacker.com
    The make file currently supports the old style home directory install (make user install), but that is deprecated and will be dropped as ./configure --prefix /home/user/bin --dbdir /home/user/.graudit; make install does the same thing.
  • Wireshark 1.2.10, 1.0.15, and 1.4.0rc2 Released – wireshark.org
    Several user interface bugs have been fixed. Bugs in the GTP, IAX2, OMAPI, PRES, SCSI, SMB, and UNISTIM dissectors have been fixed.
  • NoScript 2.0 released – sans.edu
    The main new feature is protection against Craig Heffner’s DNS rebinding attack that’s getting some press.
  • dharmaencoder_v05 – code.google.com/p/dharmaencoder/
    DharmaEncoder is a tool that is helpful when you need to perform encoding and decoding functions on various types of data for security testing.
  • DOMTracer – Firefox Plugin (Trace DOM and JavaScript Calls) just released – @ToolsWatch
  • DOMScan – Scanning and Analyzing DOM Just released – @ToolsWatch
  • PyLoris – sourceforge.net/projects/pyloris/
    PyLoris is a scriptable tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks which supports SOCKS, SSL, and all HTTP request methods.
  • Websecurify 0.7RC1 – code.google.com/p/websecurify/
    Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
  • New Release Plan – neopwn.com
    There has been an incredible investment of time put into this project on the NeoPwn side of the fence, and there is not an apparent benefit to gain given the lack of development and support shown otherwise.

Techniques:

Vendor/Software Patches:

  • Microsoft to Issue Emergency Patch for Critical Windows Bug – krebsonsecurity.com
    Microsoft said Thursday that it will issue an out-of-band security update on Monday to fix a critical, remotely-exploitable security hole present in all versions of Windows, which the software giant says is fueling an increasing number of online attacks.

Other News: