Resources
- Smart LSA Secrets Module – hackwhackandsmack.com
Doug decided to take two modules and crash them together to add some automation to some tasks that he seems to pick up often. He took the LSA Secrets module and the Domain Group Enum module and combined them into one module.
- Symantec Intelligence Report: December 2013 – symantec.com
Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. You can download the December edition of the Symantec Intelligence report from here.
Techniques
- Evading iOS Security – winocm.com
Here’s some code. Here’s what happens when you run it on a device using evasi0n7.
- How I Defeated LinkedIn’s 3rd-degree Profile Security – osandamalith.wordpress.com
This is one of the best logical bugs ever researched by Osanda Malith. He explained the process from the beginning so that you can understand it well.
- SMB Attacks Through Directory Traversal – netspi.com
Karl Fosaaen recently ran into a number of web applications that allow for either directory traversal or filename manipulation attacks. This may not be mind-blowing new information, but hopefully this gives you some good ideas on other ways to utilize directory traversal vulnerabilities.
- Xml eXternal Entity (XXE) Attack – secpod.org
An XXE attack is an attack on an application that parses XML input from untrusted sources using an incorrectly configured XML parser. Here is an example which uses a DTD (Document Type Definition) entity.
- Automated penetration testing in the Microsoft stack with OWASP ZAP – codeproject.com
This article explains how we can do automated penetration testing in the Microsoft stack using OWASP ZAP in combination with Team Foundation Server (TFS) and C#. As a final result, we will have TFS builds running penetration tests against websites of our choice.
Vulnerabilities
- HealthCare.gov security — ‘a breach waiting to happen’ – news.cnet.com
The government’s problem-riddled Obamacare Web site may face further problems from hackers taking advantage of its many security holes. At least that’s the consensus of a group of security professionals who have analyzed the site.
- We stand as one. Change INFOSEC now – trustedsec.com
David Kennedy, who is CEO of computer security consulting firm TrustedSec and who is testifying before Congress on the security issues related to HealthCare.gov, outlined his concerns in this blog post.
Other News
- Vendor of TDoS products resets market life cycle of well known 3G USB modem/GSM/SIM card-based TDoS tool – webroot.com
Driven by popular demand, the underground market segment for TDoS (Telephony Denial of Service) attacks continues to flourish, with established vendors continuing to actively develop and release new DIY (do-it-yourself) tools.