- Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers – ethicalhacker.net
SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems.
- OWASP Benelux Day 2013 Wrap-Up – blog.rootshell.be
Xavier just back from Amsterdam where was organized the 5th edition of the OWASP Benelux Day. Here is the wrap up of the conference by him.
- Building Secure Container Slides From Appsec USA – blog.gdssecurity.com
The talk focused on uncovering the techniques used by commercial BYOD secure container solutions in order to implement your own.
- Slides from OWASP AppSec USA – blog.sendsafely.com
In case you missed the presentation by SendSafely’s Brian Holyfield and Erik Larsson at OWASP AppSec USA, Sendsafely blog had posted a copy of the deck in their GitHub repository. Brian and Erik discussed some of the challenges they faced here at SendSafely when implementing Content Security Policy (CSP) on their site.
- Security Headers on the Top 1,000,000 Websites: November 2013 Report – veracode.com
It has been almost exactly a year since Veracode researcher conducted the first top 1 million security headers report so it is a great time to re-run the analysis and see how well security header adoption is growing.
- Nimbostratus – andresriancho.github.io
Tools for fingerprinting and exploiting Amazon cloud infrastructures. These tools are a PoC which Andresriancho developed for his “Pivoting in Amazon clouds” talk, developed using the great boto library for accessing Amazon’s API.
- GRR – code.google.com
GRR is an Incident Response Framework focused on Remote Live Forensics. GRR is currently in an Beta release, ready for testing by end users.
- Sparty – github.com
Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture.
- Bypassing Seagate ATA Security Lock – hackaday.com
Here’s a common story when it comes to password retrieval.
- WordPress OptimizePress hack (file upload vulnerability) – www.osirt.com
Thousands of WordPress sites are at risk of being hacked using a newly-discovered vulnerability in the popular OptimizePress theme. OSIRT team tried to find an official announcement of this vulnerability, but the search only turned up a PasteBin post from Nov. 23 that has since been removed.
- Attack Exploits Windows Zero-Day Elevation of Privilege Vulnerability – symantec.com
On November 27, Microsoft issued a security advisory regarding the recent discovery of a zero-day vulnerability in a kernel component of Windows XP and Windows Server 2003. The advisory states that the Microsoft Windows Kernel ‘NDProxy.sys’ Local Privilege Escalation Vulnerability (CVE-2013-5065) can allow an attacker to execute arbitrary code with kernel-level privileges.