Events Related:


  • BlackHat 2010 – Slides / Paper / Rest. –
    This year my talk was 50 minutes long (i wasn’t convinced that the topic could hold interest for longer periods), and my keynote deck was made up of 38 slides.
  • 20 Critical Security Controls –
    The 20 Critical Controls are the most effective processes that organizations use to stop computer attackers from gaining entry to systems and networks, or to mitigate damage from attackers who get in.
  • SQL Injection Cheat Sheet –
    Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.
  • Reverse Engineering over Acrobat Reader using Immunity Debugger (RECON) –
    Blind scanning using generic fuzzers and automated generic tools don’t have a significant level of success anymore.
  • Constricting The Web: Post Black Hat –
    The basic premise of our talk is that web architectures and technology are getting far more complicated and it is not sufficient just to run a vulnerability scanner on an application and call it done.
  • How to Render SSL Useless –
    In this video from the OWASP AppSec Research conference in Sweden, security researcher Ivan Ristic of Qualys discusses practical methods for breaking SSL.
  • ClamAV for Windows –
    ClamAV for Windows utilizes advanced Cloud-based and community-based detection methods.
  • Is My Mail Secure? –
    Secure email transfers rely not only on the security of the connection between the mail client (email program) and the email server (or a secure webmail site in the browser), but also on secure connections between servers.
  • iPen: Hacking with the iDevice –
    So this article/how-to/whatever is just that. A document of my experiences turning my iPod Touch into a all-in-one hacking/penetration-testing platform.
  • Steam Hardware & Software Survey: July 2010 –
    Steam collects data about what kinds of computer hardware and software our customers are using.


  • MetasploitExpress::Parser –
    I coded for around 4 hours at Defcon and MetasploitExpress::Parser was ready before his presentation on Sunday.
  • Metasploit Java Meterpreter Payload –
    It is not fully implemented into the framework yet and in order to get it up and running some manual tweaking is needed.
  • RSMangler – Keyword Based Wordlist Generator For Bruteforcing –
    The main new feature is permutations mode which takes each word in the list and combines it with the others to produce all possible permutations (not combinations, order matters).
  • Websecurify 0.7 –
    This version contains numerous improvements including user interface changes, faster, more stable testing platform, among others.
  • Blind Elephant: A New Web Application Fingerprinting Tool –
    The tool uses the same techniques I’ve been using for a few years now, manually or through custom scripts, during web-app penetration tests to identify the available resources on the web application, and based on them, categorize its type and fingerprint its version.
  • Mobius Forensic Toolkit –
    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
  • cvechecker –
    The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database.
  • Microsoft Baseline Security Analyzer 2.2 –
    Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
  • nmapsi4 0.2 beta3 released –
    New nmapsi4 0.2 beta3 is out!
  • Blockfinder –
  • Contrary to popular media claims, blockfinder is a simple text based console tool that returns a list of netblocks for a given country.
  • FGET V1.0 Goes Live!! –
    It’s primary function is collecting sets of forensicly interesting files from one or more remote windows machines.
  • skipfish 1.58b –
    A fully automated, active web application security reconnaissance tool.
  • Virtualization ASsessment TOolkit (VASTO) –
    VASTO is a Virtualization ASsessment TOolkit, a collection of Metasploit modules meant to be used as a testing tool to perform penetration tests or security audit of virtualization solutions.
  • Fast-Track v4.0.1 released –
    Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network.


Other News: