Events Related:

  • EnergySec Summit Recap – digitalbond.com
    The “Intersection of Security and Compliance” conference theme turned out to be largely an indictment of NERC CIP.
  • What I learned at Brucon 2010 – pauldotcom.com
    Bottom line: Brucon was awesome! And now my “trademark” post on what I learned (with lots of pictures)
  • BruCon 2010 Training & Conference Wrap-up – tenablesecurity.com
    It’s a decent sized conference of about 300 people total, including speakers and attendees. Everyone at the conference was extremely nice and very hospitable.
  • Sangria, tapas and hackers: SOURCE Barcelona 2010 – net-security.org
    Apart from the one in Barcelona, there are two more affiliated SOURCE conferences that will be held throughout the year: the “original” one in Boston and the one they will be premiering mid June next year in Seattle.

Resources:

Tools:

  • HackAri – HackBar for Safari – 0x0lab.org
    It is not exactly the same as HackBar, and it has a lot of limitations compared to it (e.g. you cannot resize the request, post data panels).
  • FireMaster: The Firefox Master Password Recovery Tool! – pentestit.com
    According to the author, FireMaster is the first tool ever built to recover the lost master password of Firefox.
  • UA-Tester 1.0 released: Now with 38% more pimp! – c22.cc
    After a few months of playing around with the UA-Tester Alpha release, I’ve finally got the code to a point where I’m happy enough to do a 1.0 release… UA-Tester 1.0, codename Purple Pimp!
  • New Version of PadBuster Available for Download – gdssecurity.com
    Today we have released version 0.2, which includes some bug fixes and a few enhancements.
  • inspathx – code.google.com/p/inspathx/
    A tool that uses a local source tree to make requests to the URL and search for path inclusion error messages.
  • JBroFuzz – sourceforge.net/projects/jbrofuzz/
    The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS.
  • Web Security Dojo v1.0 – sourceforge.net/projects/websecuritydojo/
    A preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download.
  • exploit.co.il Vulnerable Web App – sourceforge.net/projects/exploitcoilvuln/
    exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques.
  • On Free Log Management Tools – chuvakin.blogspot.com
    The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident.
  • Tools Released at DEF CON – defcon.org
    This page is a repository for the great and innovative tools that have accompanied DEF CON talks over the years.
  • cvechecker 1.0 – cvechecker.sourceforge.net
    The tool however needs your help as well. The most work is to tell cvechecker how to detect which software is installed and what version.
  • dirtyJOE – dirty-joe.com
    dirtyJOE – Java Overall Editor is a complex editor and viewer for compiled Java binaries (.class files).
  • THC-Hydra – thc.org
    Good news: hydra is now maintained again by me! (as of June 2010), and is now under GPLv3!
  • tit – code.google.com/p/tit/
    “TCP Input Text” implements the Google SOAP Search API to extract TCP Ports and Fully Qualified Domain Names (FQDN) from Google Search Results into a .csv file and individual shell scripts for nmap and nc aka netcat.
  • Ostinato – code.google.com/p/ostinato/
    It aims to be “Wireshark in Reverse” and thus become complementary to Wireshark.

Techniques:

Vulnerabilities:

  • Malware Running On Graphics Cards – slashdot.org
    Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit.

Vendor/Software Patches:

Other News: