Week 14 in Review – 2012

Event Related


  • Towards Firmware Analysis – sensepost.com
    While I was evaluating a research idea about a SCADA network router during the past week, I used available tools and resources on the Internet to unpack the device firmware and search for interesting components.
  • Fusion Advancing exploit mechanisms – exploit-exercises.com
    Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms.
  • Ascii shellcode – Security101 – blackhatacademy.org
    Printable ascii shellcode is used to evade sanitizing on the network and software layers during buffer overflow exploitation.
  • X-Frame-Options – blog.whitehatsec.com
    What is it and why should I care? X-Frame-Options (moving towards just Frame-Options in a draft spec – dropping the X-) is a new technology that allows an application to specify whether or not specific pages of the site can be framed. This is meant to help prevent the clickjacking problem.
  • Getting your message across: Screenshots – blog.c22.cc
    Since I’ve finally started doing something with pentestreports.com I thought it was time to write-up some interesting content. Seeing as this one has been bugging me for a while, I thought it would make an interesting starting point. As always, comments are welcomed and encouraged!
  • Dinis Cruz blog: Great description of why OWASP Summits are special – diniscruz.blogspot.com
    Abe (on the owasp-leaders list) just posted the text below in response to my Summits must be part of OWASP’s DNA reply and it provides one of the best descriptions of what makes Owasp Summit’s special and worthwhile doing.


  • ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy – blog.spiderlabs.com
    The SpiderLabs Research Team has added an example script to the OWASP ModSecurity Core Rule Set (CRS) Project archive that will help users to quickly implement virtual patches for vulnerabilities identified by an open source web vulnerability scanning tool.
  • GooDork Command Line Google Dorking/Hacking Tool – darknet.org.uk
    GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking.
  • Medusa 2.1 Release – foofus.net
    What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net.
  • Enema is Powerful tool for SQL injection – pentestit.com
    Enema is not autohacking software. This is dynamic tool for people, who knows what to do. Not supported old database versions (e. g. mysql 4.x). Development targeted to modern versions.
  • Adobe open sources Malware Classifier tool – h-online.com
    Adobe has open sourced a tool for analysing and classifying malware to help security first responders, including malware analysts and security researchers. Called “Adobe Malware Classifier”, the command-line tool is written in Python and was originally created for internal use by the Adobe Product Security Incident Response Team (PSIRT) “for quick malware triage”.
  • Dissecting the SQL Injection Tools Used By Hackers – blog.imperva.com
    Recently, during a presentation to a group of security professionals, an impromptu poll was taken asking attendees whether they were familiar with Havij, a SQL injection tool used heavily in the hacking community.
  • Web tool checks if your Mac is Flashback-free – cnet.com
    Have you been put off by the work required to find out if your machine is one of the unlucky ones infected with the Trojan? There’s a new Web app that will check your Mac.
  • Intersect version 2.5 update – github.com
    Intersect is a post-exploitation framework written in Python. The main goal of this project is to assist penetration testers in the automation of many post exploitation and data exfiltration tasks that they would otherwise perform manually. With the Intersect framework, users can easily build their own customised scripts from the pre-built templates and modules that are provided or they can write their own modules to add additional or specialised functionality. As of the time of writing, there are almost 30 separate modules to choose from and more are added almost daily.
  • Mercury: An Open Source Android Assessment Framework! – labs.mwrinfosecurity.com
    Mercury is a framework that provides interactive tools that allow for dynamic interactions with the target applications running on a device.


  • windows privilege escalation via weak service permissions – travisaltman.com
    When performing security testing on a Windows environment, or any environment for that matter, one of the things you’ll need to check is if you can escalate your privileges from a low privilege user to a high privileged user.
  • Another Approach To Tracking ReadFile – dvlabs.tippingpoint.com
    We often receive fuzzed file submissions, which at times can be agonizing to analyze. Tools help a lot here, as we have shown in previous posts, such as with Peter’s awesome write up on hooking ReadFile and MapViewOfFile.


Other News

2017-03-12T17:39:49-07:00 April 9th, 2012|Security Conferences, Security Tools, Security Vulnerabilities|6 Comments

Share This Story, Choose Your Platform!


  1. […] Week 14 in Review – 2012 | Infosec EventsBy RoxanneDuring vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws …Infosec Events […]

  2. […] old female chocolate lab everytime we go to the off leash dog park after we leave she throws up?Week 14 in Review – 2012Week 14 in Review – 2012Week 14 in Review – […]

  3. Xbox 360 Premium Themes Download April 20, 2012 at 8:10 am

    […] Broken Xbox 360s Made My Baby CryHackers can steal credit card data from used Xbox 360sThoughts on the XBox 360s Potential in ChinaXbox 360 Professional Repairs – Common Problems and Solutions for Xbox 360Comcast access to the HBO Go app on Xbox 360 is live : GadgetgoSkyrim Kinect For Xbox 360 Enables Dragon Shouts And MoreNews Roundup 2nd April — The Average GamerHigh Noon: The Confusing Lack of Spaghetti Western GamesWeek 14 in Review – 2012 […]

  4. […] Game in the WorksSlingo Daily Challenge Android Game DownloadIs it possible to make money onlineWeek 14 in Review – 2012 .aa6b_box {font-size: 14px !important;font-style: normal !important;font-weight: normal […]

  5. […] Credit Card Debt When Shopping OnlineBest 3 Free Apps For You To Measure Your Ring SizeWeek 14 in Review – 2012 #igit_rpwt_css { background:#FFFFFF; font-family:verdana,arila,serif; font-size:12px; […]

  6. When Anger Doesn’t Work Part 2 May 9, 2012 at 5:47 pm

    […] Les « Bnei Menashe » d’Inde vont reprendre leur Aliya vers IsraëlIMMIGRATION : LES BENI MENASHE D’INDE VONT REPRENDRE LEUR ALIYAH VERS ISRAËL. Descendants d’une des dix tribus d’Israël, une intense campagne de lobbying est menée auprès du gouvernementGlimpses of CultureDimanche 6 maiSpurs lose to QPR for the second time in a weekWeek 14 in Review – 2012 […]

Leave A Comment