Events Related

  • ShmooCon CTF 2011 Ghost In the Shellcode –
    Congratulations to ppp for winning the second GitS CTF! The game board as it was when the contest ended is now live, though answers are not accepted, nor are any of the exploitable services running.
  • Just like the real thing –
    The goal is to build a truly “enterprise class” network, and they pull it off every year.
  • RSA 2011
    Last year we produced a pretty detailed Guide to the Conference and it was well received, so – gluttons for punishment that we are – we’re doing it again



  • PDF Exploit Disguised As A Xerox Scanned Document –
    Most office network printers and scanners have a feature that sends scanned documents over email. Cyber crooks however, have imitated email templates used by these devices for malicious purposes
  • The Honeynet Project Releases New Tool: PhoneyC –
    As promised, I will be reposting some of the cool new announcements from The Honeynet Project here on my blogsince I now serve as Project’s Chief PR Officer.
  • MetaSploit Framework 3.5.2 Released –
    On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework.
  • Open SCAP v0.6.8 released –
    The OpenSCAP Project was created to provide an open-source frameworkto the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
  • SSL Diagnosis v0.8.1a released –
    SSL Diagnos is used to get information about SSL usage (protocols ssl2, ssl3, tls, dtls, and ciphers). It can also be used for testing and rating ciphers on SSL clients.
  • Passwords shared between and gawker –
    This is a classic journo case of an editor-sensationalized title for an article that doesn’t really get reasonable until the last two paragraphs where it kinda puts the brakes on calling password reuse “endemic.”
  • UPDATE: Nmap 5.51! –
    Wow! In about two weeks time, another Nmap release! We now have Nmap version 5.51! The last release was Nmap 5.50, which we wrote about here.
  • eEye to Release Free Vulnerability Scanner with Zero -Day Identification and Configuration Auditing –
    eEye Digital Security, a provider of IT security and unified vulnerability management solutions, today announced the pre-release of Retina Community.
  • UPDATE: Fiddler v2.3.2.3! –
    Our first post regarding Fiddler, the web debugger can be found here. On the 13th of February, an update was released.


Vendor/Software Patches


Other News