Events Related:



  • 15 new nmap scripts –
    These scripts include support for collecting Internet password hashes and user ID files.
  • OpenFISMA Release 2.8.0! –
    Endeavor is proud to announce OpenFISMA 2.8.0, the latest release of our award-winning FISMA compliance software and enterprise risk management tool.
  • Metasploit 3.4 and SET 0.6.1 on iPhone 4 –
    Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET.
  • Constricting the Web: The GDS Burp API –
    At GDS, of the many web application security testing tools available, we often use PortSwigger’s Burp Suite.
  • TitanMist –
    TitanMist is the nicely packaged and open source catch all tool that will become your first line of defense.
  • skipfish 1.55b –
    A fully automated, active web application security reconnaissance tool.
  • Summertime and DOMScan –
    DOMScan is a utility to drive IE and capture the real-time DOM from the browser.
  • BitBlaze – Binary Analysis Platform For Computer Security –
    Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code.
  • Version 0.2 of SSL Testing Tool –
    The changes in version 0.2 were essentially focused on getting the same functionality from the tool when run in Windows.
  • Vera 0.20 – Now Available –
    If you’re not familiar with VERA, it’s a visualization tool to help understand the dynamic execution of a program.
  • Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector –
    The Social-Engineer Toolkit (SET) gives you the ability to choose Metasploit-based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself.
  • ROPEME – ROP Exploit Made Easy –
    ROPEME – ROP Exploit Made Easy – is a PoC tool for ROP exploit automation on Linux x86.
  • RIPS –
    RIPS is a static source code analyser for vulnerabilities in PHP web applications.


  • BackTrack4-R1 + AWUS036NH = Win! –
    For a long time, I used a good old Orinoco PCMCIA card to play around with WiFi networks.
  • More Updates to the Backtrack 4 Full Disk Encryption How-to –
    It turns out that the install of R1 pretty much uses up close to 8GB, actually about 7, but who’s counting.
  • Defcon: Advanced Format String Attacks –
    My presentation was a continuation of my previous Automatic Format String Exploitation research, and I have updated the materials from the presentation.
  • Seven Security (Mis)Configurations in Java web.xml Files –
    Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication let’s look at some of the most common security misconfigurations in Java web.xml files.
  • Spanish Password Security –
    Of the 32 million passwords, a significant portion, 1,830,196, were identified as Spanish which included passwords that could be bilingual.
  • Signed Java Applet Security: Worse than ActiveX? –
    From the user awareness point of view, if you are ever presented with a dialog that is requesting permission to run a signed Java applet, keep in mind that the code may be malicious.
  • Followup to my Facebook research –
    The first, and most obvious, occurs when Nmap (or one of the other tools I mentioned) is performing a password-guessing audit against a host.
  • More Fun With Nessus Reports –
    A common grievance for security professionals dealing with Nessus reports is the organization of the report by host or IP address.
  • Teensy Pwn –
    Teensy device programmed to download and execute MSF payload.
  • XFS 101: Cross-Frame Scripting Explained –
    XFS exploits a bug in specific browsers that allows a parent frame to be exposed to events in an embedded iFrame inside of it.


Vendor/Software Patches:

Other News: