Events Related:

Resources:

Tools:

  • 15 new nmap scripts – cqure.net
    These scripts include support for collecting Internet password hashes and user ID files.
  • OpenFISMA Release 2.8.0! – openfisma.org
    Endeavor is proud to announce OpenFISMA 2.8.0, the latest release of our award winning FISMA compliance software and enterprise risk management tool.
  • Metasploit 3.4 and SET 0.6.1 on iPhone 4 – offensive-security.com
    Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET.
  • Constricting the Web: The GDS Burp API – gdssecurity.com
    At GDS, of the many web application security testing tools available, we often use PortSwigger’s Burp Suite.
  • TitanMist – reversinglabs.com
    TitanMist is the nicely packaged and open source catch all tool that will become your first line of defense.
  • skipfish 1.55b – code.google.com/p/skipfish
    A fully automated, active web application security reconnaissance tool.
  • Summertime and DOMScan – marcoramilli.blogspot.com
    DOMScan is utility to drive IE and capture real time DOM from the browser.
  • BitBlaze – Binary Analysis Platform For Computer Security – darknet.org.uk
    Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code.
  • Version 0.2 of SSL Testing Tool ssltest.pl – grey-corner.blogspot.com
    The changes in version 0.2 were essentially focused on getting the same functionality from the tool when run in Windows.
  • Vera 0.20 – Now Available – offensivecomputing.net
    If you’re not familiar with VERA, it’s a visualization tool to help understand the dynamic execution of a program.
  • Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector – secmaniac.com
    In the Social-Engineer Toolkit (SET), gives you the ability to choose Metasploit based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself.
  • ROPEME – ROP Exploit Made Easy – vnsecurity.net
    ROPEME – ROP Exploit Made Easy – is a PoC tool for ROP exploit automation on Linux x86.
  • RIPS – sourceforge.net
    RIPS is a static source code analyser for vulnerabilities in PHP webapplications.

Techniques:

  • BackTrack4-R1 + AWUS036NH = Win! – rootshell.be
    For a long time, I used a good old Orinoco PCMCIA card to play around with WiFi networks.
  • More Updates to the Backtrack 4 Full Disk Encryption How-to – infosecramblings.com
    It turns out that the install of R1 pretty much uses up close to 8GB, actually about 7, but who’s counting.
  • Defcon: Advanced Format String Attacks – redspin.com
    My presentation was a continuation of my previous Automatic Format String Exploitation research, and I have updated the materials from the presentation.
  • Seven Security (Mis)Configurations in Java web.xml Files – sans.org
    Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication let’s look at some of the most common security misconfigurations in Java web.xml files.
  • Spanish Password Security – imperva.com
    Of the 32 million passwords, a significant portion, 1,830,196, were identified as Spanish which included passwords that could be bilingual.
  • Signed Java Applet Security: Worse than ActiveX? – cert.org
    From the user awareness point of view, if you are ever presented with a dialog that is requesting permission to run a signed Java applet, keep in mind that the code may be malicious.
  • Followup to my Facebook research – skullsecurity.org
    The first, and most obvious, occurs when Nmap (or the other tools I mentioned) are performing a password-guessing audit against a host.
  • More Fun With Nessus Reports – wepma.blogspot.com
    A common grievance for security professionals dealing with Nessus reports is the organization of the report by host or IP address.
  • Teensy Pwn – vimeo.com
    Teensy device programmed to download and execute MSF payload.
  • XFS 101: Cross-Frame Scripting Explained – securestate.blogspot.com
    XFS exploits a bug in specific browsers that allows a parent frame to be exposed to events in an embedded iFrame inside of it.

Vulnerabilities:

Vendor/Software Patches:

Other News: