Penetration Testing Mode:
(Page 7 of 638)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
Info about attack trees 2012-05-24
Federico De Meo (demeof gmail com)
Hellp everybody, I'm new to this malinglist and to pen-testing.
I'm here to learn and I'm starting with a question :)

I'm looking for some informations about attack trees usage in web application analysis.

For my master thesis I decided to study the usage of this formalism in order to reppresent a

[ more ]  [ reply ]
Re: Securing Citrix 2012-05-23
Marco Ivaldi (raptor mediaservice net)

On Wed, 16 May 2012, utf-8?Q? Adri=C3=A1n_Puente_Z. ?= wrote:

> Hi everyone!
> I am looking for a good reference to secure a Citrix server to avoid a user
> to gain acces to the operating system. So far I have some ideas like
> restricting the execution of the cmd.exe and (maybe) expl

[ more ]  [ reply ]
Securing Citrix 2012-05-16
Adrián Puente Z. (seclists hackarandas com)
Hi everyone!

I am looking for a good reference to secure a Citrix server to avoid a user to gain acces to the operating system. So far I have some ideas like restricting the execution of the cmd.exe and (maybe) explorer.exe from with a group policy in the domain.

If you know about any document I

[ more ]  [ reply ]
sslcaudit 1.0 released 2012-05-11
Alexandre Bezroutchko (abb gremwell com)

I would like to announce the release of sslcaudit 1.0.

The goal of sslcaudit project is to develop a utility to automate
testing SSL/TLS clients for
resistance against MITM attacks. It is useful for testing thick clients,
mobile applications,
appliances, pretty much anything communicating

[ more ]  [ reply ]
Question of Likelihood 2012-05-14
Pen Testar (pentestar ymail com) (2 replies)
I'm testing an app with sensitive information that is full of holes. Reflected and persisted XSS, CRSF, various injection attacksâ?¦ you name it.

You also have a bunch of vulns that arenâ??t typically of high likelihood, but in the presence of the other vulns above (Iâ??ll call them the â??enabli

[ more ]  [ reply ]
Re: Question of Likelihood 2012-05-16
Pete Herzog (lists isecom org)
Re: Question of Likelihood 2012-05-14
Justin Rogosky (jrogosky gmail com)
t2'12: Call for Papers 2012 (Helsinki / Finland) 2012-05-11
Tomi Tuominen (tomi tuominen t2 fi)
Hash: SHA1

# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25

[ more ]  [ reply ]
A survey on web application attacks 2012-05-10
Hannes Holm (Hannes Holm ics kth se)
Hi pen-test subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAF)s and would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

  * Help build valuable do

[ more ]  [ reply ]
Announce: Italian Hacker Game Cracca al Tesoro - Crack A Treasure 2012-05-03
Aspy (aspy solution it)
It is the 6 th edition of the game.

It 's very much like a treasure hunt but more... hight tech!
The team need to find five hidden access point within a city, crack
them, then find the servers behind them, hack them to find clues to
the next target ...

Next date: Genoa, Italy, May 12
Joining is

[ more ]  [ reply ]
nullcon Delhi 2012 Call for Paper/Call for Event 2012-05-02
nullcon (nullcon nullcon net)
Hi All,

For the very first time nullcon now comes to Delhi - to showcase cutting
edge security technologies and discuss new attack vectors and security
threats among the  Corporate world and the Government sector. The event
brings together thought leaders,Corporates, Government and security

[ more ]  [ reply ]
xSQL Scanner 1.6 - Released 2012-04-30
Rodrigo Matuck (rodrigomatuck globo com)


New version of xSQL Scanner is available with following features:

- PostgreSQL support added;
- SQL PortScan updated;
- Exceptions fixed;
- Progressbar bug fixed;
- MSSQL 7 DoS module added.
- MSSQL Empty password exploit module added.
- Session support added
- Visual modified
- Minor

[ more ]  [ reply ]
[Tool update] VoIP Hopper 2.04 released 2012-04-29
Jason Ostrom (justiceguy pobox com)
VoIP Hopper 2.04 security tool is released:

New Avaya, Alcatel-Lucent, and LLDP-MED spoofing support. Thanks to Nicolas Roux of France for his Alcatel source contribution and debugging help. The Alcatel support has only been partially tested on a production netw

[ more ]  [ reply ]
Anti-fingerprinting techniques 2012-04-25
cr0hn (dani madesyp com)
Hello everybody!

I just released the slides of a course about anti-fingerprinting
techniques. The course talking about:
? A brief introduction of FreeBSD.
? How fingerprinting works.
? How defeat the fingerprinting test.
? Practical examples for evade the test for some services:
+ Web server.

[ more ]  [ reply ]
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) 2012-04-23
Hafez Kamal (aphesz hackinthebox org)
The 8th issue of the HITB Quarterly Magazine is now available for download!

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 -

[ more ]  [ reply ]
[New tool] - Exploit Pack - Web Security 2012-04-23
noreply (at) exploitpack (dot) com [email concealed] (noreply exploitpack com)
Exploit Pack - Web Security Edition

This tool allows you to take control of remote browsers, steal social
network credentials, obtain persistence on it, DDoS and more.

Main features:
- Hacking of Gmail, Yahoo, Facebook, Live, Linkedin
- Session pers

[ more ]  [ reply ]
Ruxcon 2012 Call For Papers 2012-04-19
cfp ruxcon org au
Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the

[ more ]  [ reply ]
Passwords^12 : Call for Presentations 2012-04-15
Per Thorsheim (per thorsheim net)
For the third time I am happy to announce a Call for Presentations for

Passwords^12 will be held at the University of Oslo (Norway) on December
3-4, 2012. The 2-day conference will be free and open for anyone to
attend. Please do note that our primary audience will be academics and

[ more ]  [ reply ]
Backtrack 5 R2 priv escalation 0day found in CTF exercise 2012-04-11
Adam Behnke (adam infosecinstitute com) (1 replies)
wicd Privilege Escalation 0Day
Tested against Backtrack 5, 5 R2, Arch distributions

Spawns a root shell. Has not been tested for potential remote exploitation

Discovered by a student that wishes to remain anonymous in the course CTF.
This 0day exploit for Backtrack 5 R2 was discovered b

[ more ]  [ reply ]
Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise 2012-04-12
Juan F. Campos - (jfcampos computalleres com)
44Con 2012 CFP - London 5th - 7th September 2012-04-10
Steve (steve 44con com)
The 2nd annual 44Con is going to be held in London in September, 2012.
We're looking for speakers, workshops and training courses to make the
event even bigger and better than last year. If you fancy an
accomodation and travel covered trip to London while it's still warm and
sunny, this is the e

[ more ]  [ reply ]
Shakacon CFP - Extended Deadline: April 13, 2012 2012-04-05
Shakacon (info shakacon org)
Thanks to everyone for all the submissions received and the committee is
evaluating them for selection. If you are on the fence about submitting
remember - All selected speakers will receive compensation to cover
Airfare and 2 hotel nights in Honolulu, Hawaii. Not to mention you get
to hang out w

[ more ]  [ reply ]
OWASP ZAP 1.4.0 released 2012-04-08
psiinon (psiinon gmail com)
Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugab

[ more ]  [ reply ]
[Tool update] - Gason: sqlmap plugin for burpsuite proxy 2012-04-09
cr0hn (dani madesyp com)
Dear all,

I just released a new version of Gason: A plugin to run sqlmap into

What's new?

- Bux fixes
- New GUI that allow you to run plugin stand alone, as a sqlmap GUI

Project page:



[ more ]  [ reply ]
Cheap Software Defined Radio 2012-04-04
Justin Rogosky (jrogosky gmail com)
Saw this slashdot article about repurposing a tv tuner card as a poor
mans software defined radio. Since it was on slashdot, I can assume the
discovery was made sometime in 2005 and only recently posted.

Links below are to the article and the actual site for the radio...


[ more ]  [ reply ]
how to calculate hmac for esp packet? 2012-04-04
Jun Yin (hansyin gmail com)
Hi, I'm trying to craft a esp packet for ipsec test, I try to use
python to create the hmac, I tried this:

>>> key1="11111111111111111111111111111111"
>>> msg="000001340000000b46e66a9853b58a94492be70c535a72d5994c3fe54a7c69e6a43

[ more ]  [ reply ]
Medusa 2.1 Release 2012-04-03
jmk (jmk foofus net)
Fellow Pen-Testers:

Medusa 2.1 is now available for public download.

This release does not introduce any major changes to the core of the
application. However, it does include two years worth of bug-fixes

[ more ]  [ reply ]
Hacking AutoUpdate by Injecting Fake Updates 2012-04-03
Adam Behnke (adam infosecinstitute com)
We all know that hackers are constantly trying to steal private information
by getting into the victim's system, either by exploiting the software
installed in the system or by some other means. By performing routine
updates for their software, consumers can protect themselves, patching known

[ more ]  [ reply ]
Windows Credentials Editor (WCE) v1.3beta 64bit release 2012-03-29
Amplia Security Research (research ampliasecurity com)
WCE (Windows Credentials Editor) v1.3beta 64bit released.

Download link:

Additional information:


This list is s

[ more ]  [ reply ]
(Page 7 of 638)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >


Privacy Statement
Copyright 2010, SecurityFocus