Penetration Testing Mode:
(Page 1 of 636)  1 2 3 4 5 6 7 8 9 10 11  Next >
OWASP ZAP 2.3.0 2014-04-10
psiinon (psiinon gmail com)
Hi folks,

OWASP ZAP 2.3.0 is now available :
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authenticat

[ more ]  [ reply ]
c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops 2014-03-24
c0c0n International Information Security Conference (c0c0n is-ra org)

            ___        ___          ___   ___  __ _  _   
           / _ \      / _ \        |__ \ / _ \/_ | || | 
       ___| | | | ___| | | |_ __      ) | | | || | || |_
      / __| | | |/ __| | | | '_ \    / /| | | || |__   _|
     | (__| |_| |

[ more ]  [ reply ]
Shakacon 2014: Call for Papers - Deadline April 11th 2014-03-20
Shakacon (info shakacon org)
==<Apologies for the cross posting but hope to see everyone at the
conference>==

----++++++++++++++++++++++++++++++++++++----
Shakacon VI - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2014.html
----++++++++++++++++++++++++++++

[ more ]  [ reply ]
SAP post exploitation 2014-03-14
Brian Milliron (Brian ECRSecurity com)
Recently I ran across some vulnerable AIX SAP servers on a test and
managed to get admin access on the Web GUI. However, I know very little
about SAP and was unable to leverage SAP admin to get access to the
Oracle DB (it uses a separate credential store) or root on the OS.
Looking through all the

[ more ]  [ reply ]
IMAP STARTTLS sniff tool 2014-03-07
Bob Ezrin (bezrin gmx com)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using:

arpspoof -r DEFAULT_GATEWAY -t VICTIM

iptables -t nat -A PREROUTING -p tcp --dport ORIGIN_PORT -j REDIRECT --to-port REDIRECT_PORT

sslsplit SOME_PARAMS ssl 0.0.0.0 REDIRECT_PORT

to make man-in-the-middle.

[ more ]  [ reply ]
IMAP STARTTLS sniff tool 2014-03-07
Bob Ezrin (bezrin gmx com)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool su

[ more ]  [ reply ]
[Tool] GoLismero 2.0 beta 3 2014-02-13
cr0hn (cr0hn cr0hn com)
Hello everybody,

From GoLismero project, we pleased to announce the new beta release of GoLismero: GoLismero 2.0 beta 3.

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. The most importa

[ more ]  [ reply ]
Damn Vulnerable IOS App v1.0 launched 2014-02-04
Prateek Gianchandani (prateek searchingeye gmail com)
Hi All,

It gives me great pleasure to announce v1.0 of Damn Vulnerable IOS =

Application http://damnvulnerableiosapp.com

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn =

vulnerable. Its main goal is to provide a platform to mobile security =

enthusiasts/professionals or stu

[ more ]  [ reply ]
How To Import Nmap XML Results Into Nessus 2014-01-27
Travis Lee (eelsivart gmail com)
In a typical assessment, an initial port scan is performed on the network
with Nmap to discover hosts and to find open ports and services. This would
be followed by a scan with Nessus to determine if those services contain any
known vulnerabilities.

However, in a standard Nessus scan, Nessus will p

[ more ]  [ reply ]
Internship with the National CCDC Red Team 2014-01-23
Rob Fuller (jd mubix gmail com)
This year's National CCDC is mixing it up a bit and leaving one spot
on the Red Team for an "intern". If you don't what CCDC is, it's the
"Collegiate Cyber Defense Competition". Basically school at the state,
regional, and national levels complete in a contest where they are
dropped into a corporate

[ more ]  [ reply ]
[HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL 2014-01-16
Hafez Kamal (aphesz hackinthebox org)
This is the FINAL CALL to submit your research papers for the 5th annual
HITB Security Conference in Amsterdam (#HITB2014AMS) taking place at De
Beurs van Berlage from the 27th - 30th of May 2014.

Initial round of selected CFP submissions:
http://haxpo.nl/hitb2014ams-conference/#speakers

#HITB2014

[ more ]  [ reply ]
[HITB-Announce] HITB Magazine Issue 10 Out Now 2014-01-07
Hafez Kamal (aphesz hackinthebox org)
Issue #10 is now available!

Hello readers and welcome to the somewhat overdue Issue 010 of HITB
Magazine. As they say, better late than never!

Since the last issue, we've also changed the HITB Security Conference
Call for Papers submission guidelines to now require speakers to submit
a research 'w

[ more ]  [ reply ]
SpiderFoot 2.1.0 released 2014-01-07
Steve Micallef (steve binarypool com)
Hi everyone,

SpiderFoot 2.1.0 is now available, a major update over 2.0.5 which was
released back in September.

Major improvements are as follows:

- Identifies sites co-hosted on IPs of your target.
- Checks whether your target, affiliates or co-hosts have a bad
reputation (PhishTank, Google Sa

[ more ]  [ reply ]
Arachni v0.4.6-0.4.3 has been released (Open Source Web Application Security Scanner Framework) 2014-01-01
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

Framework
----------
* Massively decreased RAM consumption.
* Amount of performed requests cut down by 1/3 -- and thus 1/3 d

[ more ]  [ reply ]
Release: Faraday Penetration Test IDE 2013-12-16
Francisco Amato (famato infobytesec com)
We are happy to announce our first release of Faraday (beta), an open
source collaborative Penetration Test IDE console that uses the same
tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the te

[ more ]  [ reply ]
ShmooCon Epilogue CFP / CFT 2013-12-10
Rob Fuller (jd mubix gmail com)
What: SHMOOCON EPILOGUE 2014
Location: 2214 Rock Hill Rd, Herndon, VA 20170
Date: Jan 20, 2014 (MLK day) - 10 AM to 10 PM
Cost: $10 per meal (Lunch/Dinner)
Info Page: http://novahackers.blogspot.com/p/shmoo.html

Yup, we're doing it again. ShmooCon Epilogue 2014 is a go! What is
ShmooCon Epilogue? I

[ more ]  [ reply ]
PwnWiki.io 2013-12-01
Rob Fuller (jd mubix gmail com)
Micah and I are merging the Post Exploitation Wiki with a few other
projects to include the following:

+ Kali Linux Documentation Project
+ WebApp Defaults Project
+ Q (Metasploit Repo)
+ (And of course the PwnWiki which has all the content of the Post
Exploitation Command Lists and wiki)

Into one

[ more ]  [ reply ]
[HITB-Announce] #HITB2014AMS Call for Papers Now Open 2013-11-27
Hafez Kamal (aphesz hackinthebox org)
Hi everyone - The Call for Papers for the 5th annual HITB Security
Conference in Amsterdam is now open. #HITB2014AMS takes place at the
Beurs van Berlage from the 27th - 30th of May 2014. The official
conference hotel for the event is the Hilton DoubleTree.

As always we start with 2-days of hands o

[ more ]  [ reply ]
WebSurgery v1.1 released (Web application security testing suite) 2013-11-11
John Stamatakis (john stamatakis sunrisetech gr)
Overview
========
Sunrise is proudly announces WebSurgery v1.1!

WebSurgery is a suite of tools for security testing of web applications. It
is designed to address the ongoing needs of security auditors so to
facilitate them with web application planning and exploitation. Suite
currently contains a

[ more ]  [ reply ]
GoLismero 2.0 beta 2 released 2013-09-20
cr0hn (cr0hn cr0hn com)
Hi all,

We're pleased to announce the beta 2 version of GoLismero 2.0.

In this new version you can find a lot of changes, like:

- Integration with Nmap.
- Added IP address geolocation support.
- Added 22 new vulnerability types to the data model.
- Now vulnerabilities may be categorized

[ more ]  [ reply ]
Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-09-14
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
be matched against the per-platform pay

[ more ]  [ reply ]
PTH with nmap 2013-09-14
Alex Fiuvertiz (fiuvertiz gmail com)
Hi,

I often having problem with passing the hash using nmap, while other
tools work just fine. Anyone else have the same experience?

// Alex

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove

[ more ]  [ reply ]
CBC Byte Flipping Attack 101 Approach 2013-09-10
Danux (danuxx gmail com)
Nothing new, just a 101 approach of this attack:

http://danuxx.blogspot.com/2013/09/cbc-byte-flipping-attack-101-approach
.html

--
DanUx

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to p

[ more ]  [ reply ]
OWASP Zed Attack Proxy 2.2.0 2013-09-11
psiinon (psiinon gmail com)
Hi folks,

ZAP 2.2.0 is now available from http://code.google.com/p/zaproxy/downloads/list

This includes support for scripts embedded in ZAP components like the
active and passive scanners as well as support for Zest - a new
security focused scripting language from the Mozilla security team.
It als

[ more ]  [ reply ]
SpiderFoot 2.0.4 released 2013-09-04
Steve Micallef (steve binarypool com)
Hi everyone,

I'm pleased to announce the release of SpiderFoot 2.0.4. SpiderFoot is a
free, multi-platform open-source footprinting and intelligence gathering
tool.

Since 2.0.0 was released in May, there have been a number of subsequent
releases not announced to this list, so if you are upgradi

[ more ]  [ reply ]
GoLismero 2.0 beta released 2013-08-24
cr0hn (cr0hn cr0hn com)
Hello all,

From GoLismero team, we're pleased to announce new version of GoLismero: 2.0.0.

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans.

The most interesting features of the framew

[ more ]  [ reply ]
t2'13: Challenge to be released 2013-09-07 10:00 EEST 2013-08-16
Tomi Tuominen (tomi tuominen t2 fi)
It is that time of the year again - weâ??re pleased to announce the
release of the t2â??13 Challenge!

Soon after t2â??12 was over, we discovered that the conference had been infiltrated by an APT. Our best guess is that the APT pwned the laptop of one of the conference organizers and successfully e

[ more ]  [ reply ]
Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-08-12
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
* Source code disclosure (source_

[ more ]  [ reply ]
[HITB-Announce] REMINDER: #HITB2013KUL CFP Closes 25th July 2013-07-09
Hafez Kamal (aphesz hackinthebox org)
Hi everyone,

Just a gentle reminder that the Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL, closes on the 25th of
July at 23:59 MYT!

As always, we're looking for talks that are highly technical, but most
importantly, material which is new, cutting edge and

[ more ]  [ reply ]
Arachni v0.4.3 has been released (Open Source Web Application Security Scanner Framework) 2013-07-06
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.3):

* Stable multi-Instance scans, taking advantage of

[ more ]  [ reply ]
(Page 1 of 636)  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus