- Defcon 18 CTF News
- CTF Defcon 18 PreQuals: writeups (Solutions) – pentester.es
- DEFCON 18 Quals: writeups collection – vnsecurity.net
- Defcon CTF Qualifiers – redspin.com
- Defcon 18 CTF quals writeup: Pursuit Trivial 200 – bernardodamele.blogspot.com
- Defcon 18 CTF quals writeup: Packet Madness 200 – bernardodamele.blogspot.com
- Defcon 18 CTF quals writeup: Pwtent Pwnables 200 – bernardodamele.blogspot.com
- Defcon 18 CTF Writeup – Binary L33tness 500 – lollersk8ers.fatihkilic.de
- Not Too Late To Learn From Defcon CTF Qualifiers – darkreading.com
- W2SP 2010: Web 2.0 Security and Privacy 2010 – w2spconf.com
The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas.
- Tips On Choosing Which Vulnerabilities to Test – icsalabs.com
Based on our experience, below are five of the most important tips when it comes to choosing vulnerabilities.
- Wiping & Protecting Data from SSD/Flash Drives – rootshell.be
As you probably already know, deleting a file using the standard system call is not enough from a security point of view.
- Smart Application Security Score Card – coffeeandsecurity.com
There are several instances where application stakeholders struggle hard to identify necessary security SDLC activities for their applications and products.
- Browser Vulnerability Timeline – browserstats.appspot.com
The timeline shows the percentage of users who have at least one unpatched critical-severity vulnerability (or at least one unpatched high-severity vulnerability) on an average day.
- Browserscope – browserscope.org
The goals are to foster innovation by tracking browser functionality and to be a resource for web developers.
- Karma – digininja.org
Karma is a set of patches to access point software to get it to respond to probe requests not just for itself but for any ESSID requested.
- Ragweed – github.com/tduehr/ragweed
Ragweed is a set of scriptable debugging tools written mostly in native Ruby.
- CERT Basic Fuzzing Framework – cert.org
Today we are releasing a simplified version of automated dumb fuzzing, called the Basic Fuzzing Framework (BFF).
- Fuzzing with Peach – The Peach Pit – nullthreat.net
The peach pit is an XML file that lays out the protocol we are going to fuzz.
- Analysis on the carders.cc hacking
Some wily hackers are gleaning more info on the notorious illegal card-swapping forum break-in.
- Carders.cc Hacked – Initial Analysis of IP addresses – reusablesec.blogspot.com
- Carders.cc – Analysis of Password Cracking Techniques – Part 2 – reusablesec.blogspot.com
- Fraudsters e-mail addresses : carders.cc case – bl0g.cedricpernet.net
- Revisiting the Eleonore Exploit Kit – krebsonsecurity.com
Like most exploit kits, Eleonore is designed to invisibly probe the visitor’s browser for known security vulnerabilities, and then use the first one found as a vehicle to silently install malicious software.
- Invasion of Privacy. The Sequel. – attackvector.org
I’m using this post as a way to open people’s eyes about the seriousness of overlooking little things that could, in the right hands and a twisted mind, be used in deviant ways.
- Ruby For Pentesters – The Dark Side I: Ragweed – matasano.com
And yes, Ragweed is now available as a gem through github.
- Download ARTeam Tutorials! – accessroot.com
This is a tutorial which explains how to reverse Android OS applications.
- Stealing A Photo From A Remote Webcam – nullpointer.dk
This is another demonstration of the use of Metasploit like I did in my previous article Exploiting SMB on Windows.
- Corporate Information Discovery