- Baythreat 4 – thesprawl.org
Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day.
- The AppSec Program Maturity Curve 4 of 4 – veracode.com
This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode have advocated that Application Security is best pursued as a sustained, policy-driven program that employs proactive, preventative methods to manage software risk.
- Those Look Just Like Hashes! – isc.sans.edu
Have you ever, during a penetration test, collected a list of values that look very much like hashes and thought, “I could maybe start cracking those, if I only knew what algorithm was used to calculate those hash values”? Rob VandenBrink had exactly this happen recently.
- RAT-a-tat-tat – sensepost.com
Following on from Jeremy’s talk (slides), he is releasing the Nmap service probes and the Poison Ivy NSE script, as well as the DarkComet config extractor.
- OSCP FAQ – buffered.io
Since publishing the article that detailed OJ Reeves's experiences with the PWB labs and the OSCP exam, he has received scores of emails from potential and current students searching for more information and (quite often) hints. This post stands in place of those emails as a point of reference for common OSCP-related questions.
- Intro to Metasploit Class at IU Southeast – irongeek.com
This is a class irongeek did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin.
- THC-Hydra 7.5 Released – Fast Parallel Network Logon Cracker – darknet.org.uk
Hydra is a parallelized network logon cracker that supports numerous protocols to attack. New modules are easy to add, and it is flexible and very fast.
- Acquiring Memory Images with Dumpit – isc.sans.edu
This diary is about using Dumpit, a free tool written by Matthieu Suiche from MoonSols. Dumpit supports both 64-bit and 32-bit Windows operating systems.
- OWASP STeBB – owasp.org
OWASP STeBB (Security Testing Browser Bundle) is a free and open source security testing browser bundle: an all-in-one web security toolkit for web application security testers.
- Removing the Android Device Lock from any Mobile App – blog.dinosec.com
Last week, a new Android vulnerability was disclosed. It affects Android Jelly Bean (JB) 4.3 devices, as well as earlier versions, based on Raul Siles’s own testing, such as Android Ice Cream Sandwich (ICS) version 4.0.3. The flaw allows any mobile application to remove the passcode or lock protection of Android mobile devices, no matter the lock mechanism in place: PIN code, password or passphrase, dot pattern or gesture, or face unlock.
- Remote Code Execution exploit in WordPress 3.5.1 – vagosec.org
This blog post showed an example exploit for the PHP Object vulnerability in WordPress installations before version 3.6.1. The exploit made use of classes defined in the Lightbox Plus ColorBox plugin, which has close to 1 million downloads.
- A browser is only as strong as its weakest byte – Part 2 – blog.exodusintel.com
Last week exodusintel managed to trick IE9 into doing an INC