- RSA Conference 2011
If you ignored the weather and the travel delays caused by having a Former US President and the Current President of the United States in town, the conference was highly enjoyable this year.
- DefCon 2011 Call for Papers – defcon.org
More exciting than HBGary’s email, world’s #1 hacker expose or 5up3r $3kret.gov leak, it is time for the DEF CON Call for Papers to open!
- Throwing Star LAN Tap – ossman.blogspot.com
It is a simple cross of CAT5 cable spliced together to permit in-line monitoring of Ethernet connections.
- SQL Injection: bypassing addslashes() – securityreliks.securegossip.com
This is really simple. Many will try to nullify SQL injection using the PHP addslashes() function. However, this is easily bypassed using an invalid multi-byte character. Let me illustrate how this works.
- Pulling Cisco configs with Nmap – cqure.net
A few hours ago I committed a new script created by Vikas Singhal to Nmap.
- Nmap mssql scripts feature boost – cqure.net
Chris Woodbury and I have been working on some new exciting features and enhancements to the ms-sql scripts and library in Nmap lately.
- Launching OWASP Defenders Community – michael-coates.blogspot.com
I’ve created the OWASP Defenders Community as the first step towards a vision of OWASP I outlined the other day.
- The Open Pentest Bookmarks Collection – securityaegis.com
…is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research.
- Penetration Testing Execution Standard – pentest-standard.org
It is a new standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing.
- When does a DoD Information System require a re-accreditation – elamb.org
We are talking about a single client within an Information System getting an upgraded operating system, or a firewall being upgraded or the addition of 4 Cisco internetworking devices and a VLAN change.
- Building the ultimate bad arse CUDA cracking server – secmaniac.com
Well, this week was pretty lean compared to the plethora of Security topics written last week during RSA.
- Pentest lab vulnerable servers application list – r00tsec.blogspot.com
In this post I’m going to present some useful resources to learn about penetration testing and where to use exploitation tools and techniques in a safe and legal environment.
- DOMXSS Scanner: An Online Tool to find Potential DOM Based XSS Vulnerabilities – domxssscanner.com
DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities.
- Reversing Android – zonbi.org
These are just some useful links to tools and blogs on reversing Android applications and the Android platform. I haven’t had a chance to play with them as yet, but I’m hoping to spend some time on it a little later this evening.
- OllyDbg 2.01 Alpha 2! – ollydbg.de
Our first post regarding OllyDbg can be found here. Now, the intermediate release OllyDbg version 2.01 alpha 2 has been released finally!
- Having Fun with BeEF, the browser exploitation network – gnucitizen.org
Sorry vegetarians, but BeEF is back. That’s right, the Browser Exploitation Framework is back, and it has now been rewritten from the ground up in Ruby.