Penetration Testing Mode:
[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication 2014-07-29
Onapsis Research Labs (research onapsis com)
Onapsis Security Advisory 2014-021: SAP HANA XS Missing encryption in
form-based authentication

This advisory can be downloaded in PDF format from
http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
gain ac

Re: failure notice 2014-07-25
Nikola Milosevic (nikola milosevic86 gmail com)
Well I believe the right answer is nothing. If you publicly disclose it,
you are risking being sued.

It is ethical to disclose it to them, as you did. However, the company is
not liable to give you a price or even do anything about the vulnerability
(I guess until it is too late). They don't even

How to deal with the company that doesn't react on providing them information about serious security vulnerability? 2014-07-23
Michał Rybiński (fishmanos79 gmail com) (2 replies)
Hi all,

I believe this is the best place to ask such a question because I would
imagine that most of the people reading this list have something to do
with discovering vulnerabilities and reporting them to the parties
responsible.

At the beginning of January I discovered a security flaw
which al

Ruxcon 2014 Final Call For Presentations 2014-07-15
cfp ruxcon org au
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October

SmartPentester 1.0 released 2014-06-27
Smart Splat (smartpentester gmail com)
Hi All,

SmartPentester 1.0 is now available. It's an SSH-based Penetration
Testing Framework for systems like Kali and Backtrack.
It provides a GUI for well-known tools like
nmap, hping, tcpdump, volatility, hydra, etc. Consisting of modules
Penetration testing,
Malware Analysis, Forensic Analysis, Cybe

[HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week 2014-06-24
Hafez Kamal (aphesz hackinthebox org)
The deadline to submit your papers for the 12th and FINAL HITB
Security Conference in Malaysia is just around the corner! Paper
selection will be done in two rounds:

ROUND 1 DEADLINE: 30th June 2014
FINAL DEADLINE: 31st July 2014

HITBSecConf2014 - Malaysia takes place at Intercontinental Kuala

Embedded Device Security Conference 2014 // CFP 2014-06-10
Michael Eddington (meddington gmail com)
EDSC is an annual security conference focusing on embedded systems,
hardware, and anything behind the silicon curtain. Embedded systems
testing is a rapidly expanding area of the security industry and
staying current is important for engineers, researchers, and testers
alike. EDSC brings the top t

t2'14: Call for Papers 2014 (Helsinki / Finland) 2014-05-19
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'14 - Call For Papers (Helsinki, Finland) - October 23 - 24, 2014
#

Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally confusing? No worries! Helsinki will be the perfect match for you - guaranteed low temperature, high

Ruxcon 2014 Call For Papers 2014-05-05
cfp ruxcon org au
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function Cent

SpiderFoot 2.1.4 released 2014-04-28
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.1.4 is now available, and will be the last enhancement
release on the 2.1 branch as I focus on 2.2. SpiderFoot is an open
source footprinting and intelligence gathering tool, written in Python
and runs on Linux, *BSD and Windows.

Since 2.1.0 was announced here in January, t

OWASP ZAP 2.3.0 2014-04-10
psiinon (psiinon gmail com)
Hi folks,

OWASP ZAP 2.3.0 is now available :
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authenticat

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops 2014-03-24
c0c0n International Information Security Conference (c0c0n is-ra org)

Shakacon 2014: Call for Papers - Deadline April 11th 2014-03-20
Shakacon (info shakacon org)
==<Apologies for the cross posting but hope to see everyone at the
conference>==

----++++++++++++++++++++++++++++++++++++----
Shakacon VI - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2014.html
----++++++++++++++++++++++++++++

SAP post exploitation 2014-03-14
Brian Milliron (Brian ECRSecurity com)
Recently I ran across some vulnerable AIX SAP servers on a test and
managed to get admin access on the Web GUI. However, I know very little
about SAP and was unable to leverage SAP admin to get access to the
Oracle DB (it uses a separate credential store) or root on the OS.
Looking through all the

IMAP STARTTLS sniff tool 2014-03-07
Bob Ezrin (bezrin gmx com)
Hi all.
We successfully managed to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using:

arpspoof -r DEFAULT_GATEWAY -t VICTIM

iptables -t nat -A PREROUTING -p tcp --dport ORIGIN_PORT -j REDIRECT --to-port REDIRECT_PORT

sslsplit SOME_PARAMS ssl 0.0.0.0 REDIRECT_PORT

to make man-in-the-middle.

IMAP STARTTLS sniff tool 2014-03-07
Bob Ezrin (bezrin gmx com)
Hi all.
We successfully managed to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't support STARTTLS.
Is there/do you know another SSL/TLS tool su

[Tool] GoLismero 2.0 beta 3 2014-02-13
cr0hn (cr0hn cr0hn com)
Hello everybody,

From the GoLismero project, we are pleased to announce the new beta release of GoLismero: GoLismero 2.0 beta 3.

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. The most importa

Damn Vulnerable IOS App v1.0 launched 2014-02-04
Prateek Gianchandani (prateek searchingeye gmail com)
Hi All,

It gives me great pleasure to announce v1.0 of Damn Vulnerable IOS
Application http://damnvulnerableiosapp.com

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn
vulnerable. Its main goal is to provide a platform to mobile security
enthusiasts/professionals or stu

How To Import Nmap XML Results Into Nessus 2014-01-27
Travis Lee (eelsivart gmail com)
In a typical assessment, an initial port scan is performed on the network
with Nmap to discover hosts and to find open ports and services. This would
be followed by a scan with Nessus to determine if those services contain any
known vulnerabilities.

However, in a standard Nessus scan, Nessus will p

Internship with the National CCDC Red Team 2014-01-23
Rob Fuller (jd mubix gmail com)
This year's National CCDC is mixing it up a bit and leaving one spot
on the Red Team for an "intern". If you don't know what CCDC is, it's the
"Collegiate Cyber Defense Competition". Basically schools at the state,
regional, and national levels compete in a contest where they are
dropped into a corporate

[HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL 2014-01-16
Hafez Kamal (aphesz hackinthebox org)
This is the FINAL CALL to submit your research papers for the 5th annual
HITB Security Conference in Amsterdam (#HITB2014AMS) taking place at De
Beurs van Berlage from the 27th - 30th of May 2014.

Initial round of selected CFP submissions:
http://haxpo.nl/hitb2014ams-conference/#speakers

#HITB2014

[HITB-Announce] HITB Magazine Issue 10 Out Now 2014-01-07
Hafez Kamal (aphesz hackinthebox org)
Issue #10 is now available!

Hello readers and welcome to the somewhat overdue Issue 010 of HITB
Magazine. As they say, better late than never!

Since the last issue, we've also changed the HITB Security Conference
Call for Papers submission guidelines to now require speakers to submit
a research 'w

SpiderFoot 2.1.0 released 2014-01-07
Steve Micallef (steve binarypool com)
Hi everyone,

SpiderFoot 2.1.0 is now available, a major update over 2.0.5 which was
released back in September.

Major improvements are as follows:

- Identifies sites co-hosted on IPs of your target.
- Checks whether your target, affiliates or co-hosts have a bad
reputation (PhishTank, Google Sa

Arachni v0.4.6-0.4.3 has been released (Open Source Web Application Security Scanner Framework) 2014-01-01
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

Framework
----------
* Massively decreased RAM consumption.
* Amount of performed requests cut down by 1/3 -- and thus 1/3 d

Release: Faraday Penetration Test IDE 2013-12-16
Francisco Amato (famato infobytesec com)
We are happy to announce our first release of Faraday (beta), an open
source collaborative Penetration Test IDE console that uses the same
tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the te

Copyright 2010, SecurityFocus