- Pentest & Reverse: iOS Application Hacking – esec-pentest.sogeti.com
Last month, we gave some lectures about iOS application Hacking first at GreHack (Grenoble, France) and then at Hack.Lu (Luxembourg, Luxembourg). Here you will find the slides and the paper. Don’t hesitate to send us your questions.
- The Red team Mindset Course Part 1 (PDF) – redteams.net
This is the first part (2 hours) of a Red Team Mindset Course that I gave to a group. I am trying to find a good venue to do it for the open public.
- Android Application Assessment – resources.infosecinstitute.com
Android is developed by Google and is a Linux-based platform. It runs applications in its own virtual machine, the Dalvik Virtual Machine (DVM), which executes .dex files, the Dalvik counterpart of Java's .class files. This paper discusses the assessment on a Windows machine.
- What The Rails Security Issue Means For Your Startup – kalzumeus.com
January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of.
- Introduction to WMI Basics with PowerShell Part 1 – darkoperator.com
WMI is Microsoft's implementation of Web-Based Enterprise Management (WBEM), with some enhancements of its own in the initial version. WBEM is an industry initiative to develop a standard technology for accessing management information in an enterprise environment, covering not only Windows but also many other types of devices such as routers, switches and storage arrays. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF).
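As an added example (not code from the darkoperator post), the same CIM concepts driven from PowerShell: namespaces, classes, instances, a class method, and the one namespace a defender should always look at. It assumes PowerShell 3.0 or later for the CIM cmdlets; SERVER01 in the commented remote call is a placeholder host name.

```powershell
# Added example, not from the darkoperator post: walking the CIM repository with the
# CIM cmdlets that ship with PowerShell 3.0+ (Get-CimClass, Get-CimInstance, Invoke-CimMethod).

# 1. Discover classes. WMI keeps its CIM classes in namespaces; root\cimv2 is the default
#    and holds the Win32_* classes most people use. -ClassName accepts wildcards.
Get-CimClass -Namespace root\cimv2 -ClassName 'Win32_*Process*' |
    Select-Object CimClassName

# 2. Query instances. The WQL filter is evaluated by the provider, so only matching rows
#    cross the (possibly remote) boundary.
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'"

# 3. Invoke a class method: Win32_Process.GetOwner returns the account each process runs as.
foreach ($p in $procs) {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Name      = $p.Name
        Owner     = "$($owner.Domain)\$($owner.User)"
        CmdLine   = $p.CommandLine
    }
}

# 4. A check defenders usually want: permanent WMI event subscriptions live in
#    root\subscription. An attacker-created __EventFilter / __EventConsumer /
#    __FilterToConsumerBinding triple shows up here; anything beyond the built-in
#    "SCM Event Log" filter/consumer pair deserves a closer look.
Get-CimInstance -Namespace root\subscription -ClassName __EventFilter |
    Select-Object Name, Query
Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer

# Remote equivalent (assumption: WinRM is enabled on the target, which the CIM cmdlets
# use by default; the older Get-WmiObject talks DCOM instead, so firewall rules differ):
# $s = New-CimSession -ComputerName SERVER01
# Get-CimInstance -CimSession $s -ClassName Win32_Process -Filter "Name = 'explorer.exe'"
```

The filter in step 2 matters on remote hosts: `Get-CimInstance Win32_Process | Where-Object Name -eq explorer.exe` pulls every process object across the wire first, while the `-Filter` form lets the provider do the work.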
- Password Hashes Dump Tools
- Password hashes dump tools – docs.google.com
Password hashes dump tools in one source.
- Dump Windows password hashes efficiently – Part 6 – bernardodamele.blogspot.com
When you log in to a network resource such as a network share, a proxy server behind NTLM authentication, a database management system or a mail server, you can often instruct your client to save the password, typically by simply ticking the “Remember my password” box.
- ROPgadget tool v4.0.0 – shell-storm.org
This tool lets you search for gadgets in your binaries (ELF format) to facilitate ROP exploitation. Since version 3.0, ROPgadget has had an auto-roper that builds your payload automatically from the gadgets found.
- Developer Tools – opentools.homeip.net
The Developer Tools for UPnP™ Technologies is a set of development and reference tools for creating software that is compatible with the UPnP specifications.
- Open Web Application Security Project: OWASP Zed Attack Proxy v 2.0.0 – blogspot.com
There is a new version of the OWASP Zed Attack Proxy (ZAP) available right now, and there are so many changes in it that we’ve decided to call it version 2.0.0.
- TLSSLed v1.3 – blog.taddong.com
This version is the result of testing lots of HTTPS (SSL/TLS) implementations during real-world pen-tests, so it is full of minor improvements and extra checks to identify different behaviors we have found in the wild (see the changelog inside the tool/script: “New in version 1.3” section).
- VulnVoIP: 1 – vulnhub.com
VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.
- Weevely – github.com
Weevely is a stealth PHP web shell that simulates an SSH-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones.
- How do I phish? – Advanced Email Phishing Tactics – pentestgeek.com
One of the first things we need to do in any phishing campaign is enumerate email addresses. How are we going to send emails if we don’t know where we are sending to? This is where Jigsaw comes in handy to quickly and easily enumerate email addresses for us.
- Use .NET csc.exe to create a malicious EXE on locked down systems – phillips321.co.uk
On a locked-down system you might find yourself unable to import malicious code, or to execute it because of anti-virus protection. So what about just writing the code in Notepad and then compiling it with csc.exe? Note: csc.exe comes packaged with each of the .NET Framework versions.
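An added example, not from the phillips321 post, that locates the csc.exe copies shipped with the .NET Framework and compiles a benign probe program with the newest one. The C# source, the work directory under %TEMP% and the file names are illustration choices; the compiler path pattern is the standard Framework install layout.

```powershell
# Added example, not from the phillips321 post: find the bundled C# compilers and use one.

# Every installed .NET Framework version carries its own compiler under
# %WINDIR%\Microsoft.NET\Framework(64)\vX.Y.Z\csc.exe  (v2.0.50727 and v4.0.30319 on most boxes)
$compilers = Get-ChildItem "$env:windir\Microsoft.NET\Framework*\v*\csc.exe" -ErrorAction SilentlyContinue
$compilers | Select-Object FullName

# Pick the newest one, ordering by the version embedded in the directory name (v4.0.30319 -> 4.0.30319)
$csc = ($compilers |
        Sort-Object { [version]($_.Directory.Name.TrimStart('v')) } |
        Select-Object -Last 1).FullName
if (-not $csc) { throw 'No csc.exe found under the .NET Framework directories' }

# A benign stand-in for "the payload" (assumption, for illustration): it reports the account it
# runs as and whether that token is in the local Administrators group, which is the first thing
# you want to know on a locked-down host anyway.
$src = @'
using System;
using System.Security.Principal;

class Probe
{
    static void Main()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        bool isAdmin = new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
        Console.WriteLine("User:  " + id.Name);
        Console.WriteLine("Admin: " + isAdmin);
    }
}
'@
$work = Join-Path $env:TEMP 'cscdemo'          # assumed work directory
New-Item -ItemType Directory -Path $work -Force | Out-Null
Set-Content -Path "$work\probe.cs" -Value $src -Encoding ASCII

# /nologo suppresses the banner; /target:exe is the default but stated for clarity.
& $csc /nologo /target:exe "/out:$work\probe.exe" "$work\probe.cs"
if ($LASTEXITCODE -ne 0) { throw "csc.exe failed with exit code $LASTEXITCODE" }

& "$work\probe.exe"
```

Two caveats for both sides of the table. csc.exe is a Microsoft-signed binary living under the Windows directory, so application whitelisting that trusts that location (AppLocker's default rules, for example) lets the compiler run; the freshly built probe.exe in a user-writable path, however, is exactly what those default rules block. And because compiling on the box is unusual outside developer workstations, csc.exe process-creation events with a command line pointing at %TEMP% or a parent that is not Visual Studio or MSBuild are a cheap detection.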
- About the security content of iOS 6.1 Software Update – support.apple.com
This document describes the security content of iOS 6.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
- Critical Java Update Fixes 50 Security Holes – krebsonsecurity.com
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.
- Security Flaws in Universal Plug and Play: Unplug, Don’t Play – community.rapid7.com
This morning we released a whitepaper entitled Security Flaws in Universal Plug and Play. This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices.
- Exposed UPNP Devices – isc.sans.edu
Rapid7 conducted a widely quoted study, scanning the Internet on port 1900/udp to find devices that expose UPnP
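As an added example covering both the Rapid7 paper and the ISC diary above (not code from either), an SSDP M-SEARCH probe in PowerShell: the same discovery message the Rapid7 scan sent to 1900/udp, here aimed at the local network so you can see which of your own devices answer and what UPnP stack they advertise in the SERVER header. The constructed sample reply, the documentation address 192.0.2.1 and the helper names are assumptions; the M-SEARCH format and the 239.255.255.250:1900 multicast group are the UPnP standard.

```powershell
# Added example, not from the Rapid7 paper or the ISC diary: SSDP discovery on 1900/udp.

function ConvertFrom-SsdpResponse {
    # Parse the HTTP-over-UDP style reply ("HTTP/1.1 200 OK" plus headers) into a hashtable.
    param([string]$Text)
    $headers = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^([^:]+):\s*(.*)$') {
            $headers[$matches[1].Trim().ToUpper()] = $matches[2].Trim()
        }
    }
    return $headers
}

function Find-SsdpDevice {
    param(
        [string]$Target = 'ssdp:all',   # or 'upnp:rootdevice', or a specific service URN
        [int]$TimeoutSeconds = 3
    )
    # M-SEARCH as specified by UPnP: MX is the max seconds a device may wait before replying.
    $msearch = "M-SEARCH * HTTP/1.1`r`n" +
               "HOST: 239.255.255.250:1900`r`n" +
               "MAN: `"ssdp:discover`"`r`n" +
               "MX: 2`r`n" +
               "ST: $Target`r`n`r`n"
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($msearch)

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutSeconds * 1000
    $dest = New-Object System.Net.IPEndPoint -ArgumentList @([System.Net.IPAddress]::Parse('239.255.255.250'), 1900)
    [void]$udp.Send($bytes, $bytes.Length, $dest)

    $from     = New-Object System.Net.IPEndPoint -ArgumentList @([System.Net.IPAddress]::Any, 0)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    $results  = @()
    while ((Get-Date) -lt $deadline) {
        try {
            $data = $udp.Receive([ref]$from)   # unicast replies come back to our source port
        } catch {
            break                               # receive timeout: nobody else is answering
        }
        $h = ConvertFrom-SsdpResponse ([System.Text.Encoding]::ASCII.GetString($data))
        $results += [pscustomobject]@{
            Address  = $from.Address.ToString()
            Server   = $h['SERVER']     # OS / UPnP stack / product banner used for fingerprinting
            Location = $h['LOCATION']   # URL of the device description XML (the HTTP side of UPnP)
            ST       = $h['ST']
        }
    }
    $udp.Close()
    return $results | Sort-Object Address, ST -Unique
}

# Constructed sample reply (not a real capture) to exercise the parser offline:
$sample = "HTTP/1.1 200 OK`r`n" +
          "CACHE-CONTROL: max-age=1800`r`n" +
          "ST: upnp:rootdevice`r`n" +
          "USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice`r`n" +
          "LOCATION: http://192.0.2.1:49152/rootDesc.xml`r`n" +
          "SERVER: Linux/2.6 UPnP/1.0 ExampleRouter/1.0`r`n`r`n"
$parsed = ConvertFrom-SsdpResponse $sample
"Parsed SERVER banner: $($parsed['SERVER'])"

# Live run on the local segment:
# Find-SsdpDevice | Format-Table -AutoSize
```

The SERVER banner is the field the Rapid7 paper keyed its exposure counts on, since it names the UPnP stack and version a device runs. Two things to keep in mind when reading results: the Windows SSDP Discovery service answers too, so your own host may appear, and a device that replies on the LAN is not necessarily exposed to the Internet; the paper's point was that many did answer on their WAN interface, which is worth confirming from outside (or simply turning UPnP off on the router).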