- Web security tricks – bugscollector.com
Bugs Collector is a database of web security breaches and tricks collected from all over the world. Tricks are available here.
- ShowMeCon 2014 Videos – irongeek.com
These are the videos of ShowMeCon 2014. You can watch and download all the videos from here.
- LayerOne 2013 – layerone.org
Archives of the videos of Los Angeles’ premiere security conference 2013. You can watch all the videos from here.
- Nmap Class for Hackers For Charity – irongeek.com
This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin, Martin Bos and @irongeek_adc.
- Jacob I. Torrey: From Kernel to VMM – youtube.com
This presentation provides a cohesive overview of the Intel VT-x virtualization extensions from the perspective of a kernel developer. It finishes by outlines AIS, Inc.’s DARPA CFT MoRE effort.
- MagicTree v1.3 Available For Download – Pentesting Productivity – darknet.org.uk
MagicTree is a pentesting productivity tool. You can download MagicTree here.
- Pwnstaller 1.0 – harmj0y.net
Pyinstaller, for those of you who aren’t aware, is a useful program that “converts (packages) Python programs into stand-alone executables”. Pwnstaller is a tool to generate and compile a dynamically-obfuscated version of the Pyinstaller runw.exe loader.
- RedoWalker Beta Version Released – databaseforensics.com
RedoWalker dumps Oracle redo logs to an XML format; it specifically dumps redo entries fro DDL, INSERTs, UPDATEs, DELETEs and associated UNDO records. This software is still in beta.
- DepDep v1.0 – github.com
Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network.
- Parsero v0.71 – Attacking Robots.txt Files Released – github.com
Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries.
- Inception v0.3.5 Beta – Attacking FireWire Devices Released – github.com
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to.
- IPv6 Toolkit v1.5.3 Released – si6networks.com
A security assessment and troubleshooting tool for the IPv6 protocols.
- ITool Release: You’ll Never (Ever) Take Me Alive! – isecpartners.github.io
You’ll Never Take Me Alive — a tool that helps protects Full Disk Encrypted Windows computers from DMA and cold boot attacks.
- Network Proxy and Protocol Responder – hackwhackandsmack.com
This blog will allow you to re-create or replay a management station type scenario with a client and opens a whole load of new attack scenarios.
- Android Hacking and Security, Part 5: Debugging Java Applications Using JDB – resources.infosecinstitute.com
This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn’t touch Android concepts, this is a prerequisite to understand the next article coming in the series.
- Plesk 10 & 11 SSO XXE/XSS – makthepla.net
This blog post is about complete failure that resulted in a win.
- Executing Code via SMB / DCOM Without PSEXEC – www.room362.com
PSEXEC has been a staple for Windows post exploitation pivoting and system administration for a long while.The basic premise of how all “psexec” tools work is described here.
- Beefing up Windows End Station Security with EMET – isc.sans.edu
After Rob VandenBrink post last week on things a System Administrator can do to protect against zero days in the browser, operating systems and applications, one of the biggies for Windows is to deploy EMET.This is a really high level description of how you’d deploy EMET in a typical Windows shop.
- Moar Shellz! – trustedsec.com
Larry Spohn shared one more method that he recently discovered, using the Metasploit “psexec_command” module, created by Royce Davis (@r3dy__), from Accuvant LABS.
- Dropbox patches shared links security flaw – zdnet.com
Dropbox has now patched a security vulnerability which could give third parties access to server data without authorization.
- 300k servers vulnerable to Heartbleed one month later – blog.erratasec.com
It’s been a month since the Heartbleed bug was announced. Robert Graham thought he’d rescan the Internet (port 443) to see how many systems remain vulnerable.