- A look at ASLR in Android Ice Cream Sandwich 4.0 – blog.duosecurity.com
For the uninitiated, ASLR randomizes where various areas of memory (e.g. stack, heap, libs, etc.) are mapped in the address space of a process.
- The Ultimate OS X Hardening Guide Collection – isc.sans.edu
Many security professionals tend to use OS X systems. Maybe for the nice and shiny looks, or the Unix underpinnings that make it a great platform to run current tools. However, the operating system itself isn’t exactly “secure out of the box” and like all operating systems can profit from some additional hardening tricks.
- White Hat Hacker Flowchart – dankaminsky.com
A white hat hacker flowchart by Dan Kaminsky.
- DPScan: Drupal Security Scanner – github.com
This small tool is public and accessible for our use. It may help other auditors or penetration testers do their job faster and gather more information.
- DNSChef – thesprawl.org
DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses.
- Sqlmap plugin for BurpSuite – blog.buguroo.com
Today we present a free plugin, developed by me, so you can use sqlmap from BurpSuite really comfortably.
- SIPVicious 0.2.7 – code.google.com
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools.
- Skipfish-2.04b – code.google.com
Skipfish is a fully automated, active web application security reconnaissance tool.
- Social-Engineer Toolkit (SET) 3.0 released. – secmaniac.com
Greetings all. I’m excited to release the 3.0 version of the Social-Engineer Toolkit (SET) Codename “#WeThrowBaseballs”.
- Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules! – community.rapid7.com
Since our last release in October, we’ve added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads — that clocks in at just about 1.5 new modules per day since version 4.1.
- Mobile App Permissions and Choice – pen-testing.sans.org
Recently we’ve seen a flurry of news articles identifying a weakness in the Apple iOS architecture where application developers have unrestricted access to contact book entries on your iPhone, iTouch or iPad.
- Minimizing Vulnerabilities in Applications – Part 1 – resources.infosecinstitute.com
During my 20+ year career, I have seen many coding virtuosos who had only one problem – they did not pay any attention to the security of their code.
- MindshaRE: a reversing tool – dvlabs.tippingpoint.com
MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare.
- iOS 5 Flaw Allows data access
- Paperclips pose security threat to iPhones – technolog.msnbc.msn.com
Under the right — though easily arranged — circumstances, a simple paperclip could allow someone to circumvent your iPhone’s passcode and access your voicemail, contacts, recent call list, and other data.
- iOS 5 Flaw Allows Unfettered Access to User’s Contacts, Calls – threatpost.com
A passcode flaw in Apple’s iOS 5 could allow unauthorized access to an iPhone user’s contacts list, recent calls, voicemail, text messages and more, according to a recent blog post from CultofMac.com.
- New Oracle ERP Vulnerabilities Unmasked – darkreading.com
Design flaws could allow attackers to access, alter, or take over ERP systems — but will enterprises do anything about the vulnerabilities?