Events Related Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers – ethicalhacker.net SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. OWASP Benelux Day 2013 Wrap-Up – blog.rootshell.be Xavier just back from Amsterdam where was organized the [...]
Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]
Event Related Hack in Paris 2013 edition Video and Slides available now on each talk briefing! BYOD - The Privacy and Compliance Risks from Bringing Your Own Mobile Device to Work - hackinparis.com Remoting Android Applications for Fun and Profit - hackinparis.com The Control of Technology by Nation State : Past, Present and Future - The Case of Cryptology and [...]
Event Related HackMiami Releases Results of Web Application Security Scanner '2013 Pwn-Off - PenTest Shootout' - reuters.com HackMiami researchers have released a comprehensive whitepaper that detail the results of the 2013 Pwn-Off Pen-Test Tools Shootout that took place on Miami Beach during the HackMiami 2013 Hackers Conference. Resources Penetration Testing for iPhone 5 Penetration Testing [...]
Resources The Ultimate Guide to Finding and Using Free Images On Your WordPress Site - wpmu.org Blog writing can involve a lot of blood, sweat and tears, unless you’re one of those magical people who can tap out an insightful post with inexplicable ease or some kind of deus ex machina intervention. Calling NTDLL Functions [...]
Event Related SOURCE Dublin SOURCE Dublin Wrap-Up Day #1 - blog.rootshell.be I flew on Wednesday evening to Dublin, Ireland to attend the SOURCE conference (previously, it was organised in Barcelona). The conference was held in the Trinity College, in the centre of the city. SOURCE Dublin Wrap-Up Day #2 - blog.rootshell.be This second day started [...]
Event Related Bootcamp - pentesterlab.com/bootcamp Bootcamp provides a learning path to get into security and especially web penetration testing. Resources Automated Open Source Intelligence (OSINT) Using APIs - raidersec.blogspot.com The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) [...]
The blog-o-sphere has been buzzing about the popular wordpress blogging platform getting hacked and their sites being redirected to anyresults.net. Via Donncha O Caoimh's blog: Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember how everyone was urged to upgrade their blogs. You did upgrade didn’t you? No? [...]
Today I noticed a ton of duplicate content on various blogs. My first thought was they were all hacked, but the content pages weren't malicious at all. I then noticed that all the blogs that were effected were hosted blogs at wordpress.com! Somehow, all the feeds were now pointing to http://en.blog.wordpress.com/feed/. Below are a couple [...]