Event Related

Resources

  • Penetration Testing for iPhone 5
    • Penetration Testing for iPhone Applications Part 5 – resources.infosecinstitute.com
      In the first part of the article, we discussed traffic analysis for iPhone applications. The second, third and fourth parts of the article covered an in-depth analysis of insecure data storage locations on the iPhone. In this part, we will take a look at runtime analysis of iOS applications.
    • Penetration testing of iPhone Applications – securitylearn.net
      In the First part of the article, we have discussed about the iPhone application traffic analysis.
  • SSL: Intercepted today, decrypted tomorrow – news.netcraft.com
    Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy.
  • The top ten most common database security vulnerabilities – zdnet.com
    What are the most common, and serious, database vulnerabilities that businesses should be aware of?
  • Scapy Guide The Release – itgeekchronicles.co.uk
    Two weeks ago I posted about my intention to write a “dummies” guide to Scapy. So here it is “The Very Unofficial Dummies Guide to Scapy”.

Tools

  • Python MITM Tool + targeting script for local network
    • DanMcInerney/wifi-monitor – github.com
      Prints the IPs on your local network that’re sending the most packets
    • DanMcInerney/intercept – github.com
      Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets then just arp spoof the target
  • ResponseCoder – Manipulation of HTTP Response Headers – blog.cyberis.co.uk
    ResponseCoder is designed to allow you to easily manipulate HTTP response headers – specifically to identify weaknesses in perimeter filtering appliances such as web proxies and next generation firewalls.
  • Adding Vulnerability Scanning Capabilities to Nmap with NSE Vulscan 1.0 – toolswatch.org
    Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV version detection per service which is used to determine potential flaws according to the identified product.
  • prasanna2204/IronSAP – github.com
    Usage : 1. download all the files in github into folder IronWasp/modules/IronSAP 2. Start Ironwasp 3. From menu click … Modules -> My Downloads -> IronSAP 5. Enter the IP Address of SAP host in text box and hit start 6. Wait till the results are displayed.

Techniques

Vendor/Software Patches

  • HP Storage – lolware.net
    HP’s D2D product line, which has recently been rebranded “StoreOnce”, is effectively an expensive software platform.
  • Auditing Security Checklist for AWS Now Available – blogs.aws.amazon.com
    Based on feedback from our customers, AWS has published an Auditing Security Checklist to help you and your auditors assess the security of your AWS environment in accordance with industry or regulatory standards.

Vulnerabilities

  • How Much is Your Gmail Worth? – krebsonsecurity.com
    If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground.
  • RC4 in TLS is Broken: Now What? – community.qualys.com
    RC4 has long been considered problematic, but until very recently there was no known way to exploit the weaknesses.