Events Related:

  • Ekoparty 2010 Wrap-Up – dvlabs.tippingpoint.com
    The reason that Ekoparty is the premier conference in South America can be summed up in one word: collaboration.
  • Metasploit Unleashed, Again! – offensive-security.com
    As new features are being added to the Metasploit Framework, we are attempting to add them to the Wiki in order to keep our content fresh and up-to-date to ensure we are providing a valuable resource to our readers.
  • S4 2011 Cancelled – digitalbond.com
    It is with great sadness that we announce there will be no SCADA Security Scientific Symposium [S4] this January.
  • Crypto Challenges at the CSAW 2010 Application CTF Qualifying Round – gdssecurity.com
    Two of of our former interns, Julian Cohen and Luis Garcia, who were responsible for organizing the CTF asked that I help write some crypto challenges, as well as be one of the judges of the competition.
  • Beyond DEFCON 15 Must See Hacking Conferences – threatpost.com
    The editorial team at Threatpost has compiled this list of 15 shows we think are worth a second look.

Resources:

  • New Paper on Password Security Metrics – reusablesec.blogspot.com
    Since I had the paper and presentation approved through my company’s public release office I was given permission to blog about this subject while the larger issue of my blog is still going through the proper channels.

Tools:

  • Windows Credentials Editor v1.0 (WCE) – hexale.blogspot.com
    It allows to perform pass-the-hash and other things related to windows logon sessions and supports XP,2003,7,2008 and Vista.
  • UPDATE: BeEF v0.4.1-alpha! – pentestit.com
    Now, an updated alpha version – BeEF v0.4.1-alpha has been made available to us!
  • ESF: A Exploit Next Generation SQL Fingerprinter Tool! – pentestit.com
    The Exploit Next Generation SQL FingerprintT (ESF) uses well-known techniques based on several public tools that are capable to identify the Microsoft SQL Server version (such as: SQLping and SQLver).
  • UPDATE: Network Security Toolkit v2.13.0! – pentestit.com
    The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.
  • SECmic: A Penetration Testing Distro! – pentestit.com
    It comprises over 200 pre-installed security oriented applications and maintains Ubuntu/Kubuntu update compatibility; meaning you will be able to receive security updates directly from the Ubuntu/Kubuntu repositories for the lifetime of this Kubuntu 10.04 LTS based release.
  • Qubes Alpha 3! – theinvisiblethings.blogspot.com
    Disposable VMs are really a killer feature IMO.
  • DotNetaslpoit – digitalbodyguard.com
    DotNetasploit is a software system that allows .NET payloads to be used against running .NET applications.
  • HotFuzz: A Peach based Smart Network Fuzzer! – pentestit.com
    The HotFuzz project aims at providing a tool for discovering security vulnerabilities in network applications.
  • UPDATE: FOCA v2.5.3! – pentestit.com
    FOCA, which stands for “Fingerprinting Organization with Collected Archives” is an automated tool for downloading documents published in websites, extracting metadata and analyzing data.
  • VSAM – vsam.sourceforge.net
    Based on the great work of the Inprotect project, Vsam extends the ability of Inprotect by bringing the power of virtualization to this highly functional project.
  • UPDATE: Web Security Dojo v1.01rc1! – pentestit.com
    A free open-source self-contained training environment for Web Application Security penetration testing.
  • OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing – darknet.org.uk
    It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing.
  • Oracle passwords (DES) solver 0.2 (SSE2) – conus.info
    It is possible because significant amount of work is to generate all hashes for all possible passwords, but checking generated hash value against to what is defined in list, is not very costly.
  • PyProxy | Proxy Hunter and Tester, A high-level cross-protocol proxy-hunter python library – gunslingerc0de.wordpress.com
    PyProxy is a Proxy Hunter and Tester, a high-level cross-protocol proxy-hunter python library.

Techniques:

Vulnerabilities:

Vendor/Software Patches:

  • Oracle Critical Patch Update October 2010 Pre-Release Analysis – integrigy.com
    Oracle E-Business Suite customers with externally facing implementations should carefully review the remotely exploitable vulnerabilities in iRecruitment to determine if these pages are blocked by the URL firewall.
  • Adobe ships another mega-patch for PDF Reader – zdnet.com
    Adobe has slapped another band-aid on its heavily targeted PDF Reader/Acrobat product line, warning that hackers are already exploiting some of these vulnerabilities to launch malware attacks.

Other News: