
Week 32 in Review – 2010

Published: August 16th, 2010 | Category: Security Conferences, Security Tools, Security Training, Security Vulnerabilities, Security Workshops, Vendor News

Events Related:

Resources:

Tools:

  • 15 new nmap scripts – cqure.net
    These scripts include support for collecting Internet password hashes and user ID files.
  • OpenFISMA Release 2.8.0! – openfisma.org
    Endeavor is proud to announce OpenFISMA 2.8.0, the latest release of our award winning FISMA compliance software and enterprise risk management tool.
  • Metasploit 3.4 and SET 0.6.1 on iPhone 4 – offensive-security.com
    Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET.
  • Constricting the Web: The GDS Burp API – gdssecurity.com
    At GDS, of the many web application security testing tools available, we often use PortSwigger’s Burp Suite.
  • TitanMist – reversinglabs.com
    TitanMist is a nicely packaged, open-source catch-all tool that will become your first line of defense.
  • skipfish 1.55b – code.google.com/p/skipfish
    A fully automated, active web application security reconnaissance tool.
  • Summertime and DOMScan – marcoramilli.blogspot.com
    DOMScan is a utility that drives IE and captures the real-time DOM from the browser.
  • BitBlaze – Binary Analysis Platform For Computer Security – darknet.org.uk
    Binary analysis is imperative for protecting COTS (commercial off-the-shelf) programs and for analyzing and defending against the myriad forms of malicious code.
  • Version 0.2 of SSL Testing Tool ssltest.pl – grey-corner.blogspot.com
    The changes in version 0.2 were essentially focused on getting the same functionality from the tool when run in Windows.
  • Vera 0.20 – Now Available – offensivecomputing.net
    If you’re not familiar with VERA, it’s a visualization tool to help understand the dynamic execution of a program.
  • Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector – secmaniac.com
    The Social-Engineer Toolkit (SET) gives you the ability to choose Metasploit-based payloads and drop a small download stager, either through WSCRIPT or through PowerShell, that downloads a backdoor from a remote IP/machine and executes it on the system itself.
  • ROPEME – ROP Exploit Made Easy – vnsecurity.net
    ROPEME – ROP Exploit Made Easy – is a PoC tool for ROP exploit automation on Linux x86.
  • RIPS – sourceforge.net
    RIPS is a static source code analyser for vulnerabilities in PHP web applications.

Techniques:

  • BackTrack4-R1 + AWUS036NH = Win! – rootshell.be
    For a long time, I used a good old Orinoco PCMCIA card to play around with WiFi networks.
  • More Updates to the Backtrack 4 Full Disk Encryption How-to – infosecramblings.com
    It turns out that the install of R1 pretty much uses up close to 8GB, actually about 7, but who’s counting.
  • Defcon: Advanced Format String Attacks – redspin.com
    My presentation was a continuation of my previous Automatic Format String Exploitation research, and I have updated the materials from the presentation.
  • Seven Security (Mis)Configurations in Java web.xml Files – sans.org
    Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication let’s look at some of the most common security misconfigurations in Java web.xml files.
  • Spanish Password Security – imperva.com
    Of the 32 million passwords, a significant portion, 1,830,196, were identified as Spanish which included passwords that could be bilingual.
  • Signed Java Applet Security: Worse than ActiveX? – cert.org
    From the user awareness point of view, if you are ever presented with a dialog that is requesting permission to run a signed Java applet, keep in mind that the code may be malicious.
  • Followup to my Facebook research – skullsecurity.org
    The first, and most obvious, occurs when Nmap (or the other tools I mentioned) is performing a password-guessing audit against a host.
  • More Fun With Nessus Reports – wepma.blogspot.com
    A common grievance for security professionals dealing with Nessus reports is the organization of the report by host or IP address.
  • Teensy Pwn – vimeo.com
    Teensy device programmed to download and execute MSF payload.
  • XFS 101: Cross-Frame Scripting Explained – securestate.blogspot.com
    XFS exploits a bug in specific browsers that allows a parent frame to receive events from an iframe embedded inside it.
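
The defensive side of the XFS item above, as an added example that is not from the linked post or from this page: whatever the browser bug, a parent document can only observe an embedded frame's events if it is allowed to embed that page in the first place, so the practical check for a site is whether its responses forbid framing by foreign origins. The checker below audits the two headers that control this, `X-Frame-Options` and the CSP `frame-ancestors` directive, and reports whether a given attacker origin could frame the page. The function names (`isFramable`, `sourceMatches`, `auditAll`) and the sample responses at the bottom are my own constructions for the demo.

```javascript
// Added example, not code from the original page. Audits whether a response's
// headers let a page be framed by a foreign origin (and so exposed to
// XFS-style event capture). Runs under Node without any dependencies.

// Normalise an origin string to "scheme://host[:port]" in lower case.
function normaliseOrigin(origin) {
  const u = new URL(origin);
  return `${u.protocol}//${u.host}`.toLowerCase();
}

function defaultPort(protocol) {
  return protocol === "https:" ? "443" : protocol === "http:" ? "80" : "";
}

// Does one CSP frame-ancestors source expression match the framer's origin?
// Supports 'none', 'self', '*', scheme-only sources ("https:") and host
// sources with optional scheme, "*." wildcard and port.
function sourceMatches(src, pageOrigin, framerOrigin) {
  const s = src.toLowerCase();
  const framer = new URL(framerOrigin);
  if (s === "'none'") return false;
  if (s === "'self'") return normaliseOrigin(pageOrigin) === normaliseOrigin(framerOrigin);
  if (s === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:*]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && scheme + ":" !== framer.protocol) return false;
  if (wildcard) {
    if (!framer.hostname.endsWith("." + host)) return false;
  } else if (framer.hostname !== host) {
    return false;
  }
  const framerPort = framer.port || defaultPort(framer.protocol);
  if (port && port !== "*" && port !== framerPort) return false;
  return true;
}

// Returns true if a page served with `headers` could be framed by a document
// at `framerOrigin`. Header names are matched case-insensitively.
function isFramable(headers, pageOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
  const csp = h["content-security-policy"];
  if (csp) {
    for (const directive of csp.split(";")) {
      const tokens = directive.trim().split(/\s+/);
      if (tokens[0].toLowerCase() === "frame-ancestors") {
        return tokens.slice(1).some((src) => sourceMatches(src, pageOrigin, framerOrigin));
      }
    }
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return normaliseOrigin(pageOrigin) === normaliseOrigin(framerOrigin);
  // ALLOW-FROM was never supported by every browser and is ignored by current
  // ones, so a page relying on it is treated as framable. No header: framable.
  return true;
}

// Constructed sample responses (not captured from any real site).
const TARGET = "https://bank.example";
const ATTACKER = "https://evil.example";
const SAMPLES = {
  unprotected: {},
  xfoDeny: { "X-Frame-Options": "DENY" },
  xfoSameOrigin: { "x-frame-options": "sameorigin" },
  allowFromOnly: { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  cspSelf: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
  cspPartner: { "Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example" },
  cspOverridesXfo: { "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *" },
};

// Audit every sample against the attacker origin; returns {name: framable}.
function auditAll() {
  const result = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    result[name] = isFramable(headers, TARGET, ATTACKER);
  }
  return result;
}

for (const [name, framable] of Object.entries(auditAll())) {
  console.log(`${name.padEnd(16)} ${framable ? "FRAMABLE by " + ATTACKER : "protected"}`);
}
```

Two of the sample cases are the ones that trip people up in practice: `cspOverridesXfo` shows that a permissive `frame-ancestors` silently cancels a `DENY`, and `allowFromOnly` shows that `ALLOW-FROM` buys nothing in browsers that do not honour it. To audit a real site, feed `isFramable` the header map from an actual HTTP response instead of the constructed samples.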

Vulnerabilities:

Vendor/Software Patches:

Other News:


    © Godai Group 2014