Resources

  • Phishing Frenzy: Installing the Monster – pentestgeek.com
    If you’re not a rails guru or haven’t ever dabbled with ruby on rails, the installation process might seem overwhelming. Zeknox created this helpful video which follows the newly created wiki on how to get up and running with PF on Kali linux.
  • 30c3: To Protect And Infect, Part 2 – youtube.com
    This is Jacob “@ioerror” Applebaum talks video at CCC on the militarization of the internet.
  • 12 Days of HaXmas: BMC and IPMI Research and Exploitation – community.rapid7.com
    This post is the sixth in a series, 12 Days of HaXmas, where you’ll take a look at some of more notable advancements in the Metasploit Framework over the course of 2013.
  • Corporate-information-security – slideshare.net
    Slideshare Presentations on corporate information security by Jarno Niemela.

Tools

  • ChameleonMini – github.com
    This is the main repository of the Chameleon-Mini project, a versatile smartcard emulator. Download it from here.
  • SSLyze v0.8 released – github.com
    SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
  • typofinder – github.com
    A finder of domain typos showing country of IP address, released as open source by NCC Group.

Techniques

  • Sqlmap Tricks for Advanced SQL Injection – blog.spiderlabs.com
    Sqlmap is an awesome tool that automates SQL Injection discovery and exploitation processes. Christophe De La Fuente provides a basic overview of sqlmap and some configuration tweaks for finding trickier injection points.
  • Getting Started with WinDBG – Part 3 – blog.opensecurityresearch.com
    In this series of blog posts Open Security Research team have walked you through getting WinDBG installed, setup, and got you started by attaching to a process and setting breakpoints. Their next step is the actual debugging part where they’re stepping through a program and looking at memory.
  • 12 Days of HaXmas: Finding shell_bind_tcp_random_port with Nmap and Ndiff – community.rapid7.com
    In this post, wvu’ll explore how to use this payload with our friends Nmap and Ndiff. Let’s get hacking!

Vulnerabilities

  • Fuzzing RTSP to discover an exploitable vulnerability in VLC – isecpartners.github.io
    In this post, iSEC Research Labs will describe the bug iSEC recently discovered in the Live555 library (CVE-2013-6933, CVE-2013-6934). This yielded a remote code execution vulnerability in all client and server applications that use the Live555 library, including the popular media player VLC.

Other News