We are doing a pen test for a small company and wish to automate some things. We have a website inside their Intranet that
when employees scan or visit it we'd like to nmap the box they came from trying to see if anyone hooks up an authorized computer to their intranet. Any ideas of how to get=

[ more ]  [ reply ]

Dear all,

This is o annunce release of GoLISMERO version 0.6.5. This version
is now full and fixed.

GoLISMERO help you to map an web application, displaying as
confortable format for security auditor and preparing them for
intergrate with other web hacking tools as w3af, wfuzz, netcat

[ more ]  [ reply ]

Group,

I was asked to perform the security testing on SSO enabled web
applications. Can you guys please give me some guidelines or specific
test cases on testing the SSO enabled environment? Please forward me
if you have any sites/documents related to this or links to the
documents...

Thanks,

Sek

[ more ]  [ reply ]

Over on full-disclosure@, I was informed about some of the research
around actively attacking printers. I've traded email with the foofus
guy and watched his talk from Defcon, but I'm curious about how this
plays out for others in a pen testing role.

The primary goal as I understand things currentl

[ more ]  [ reply ]

Hey,

Does anyone have a comprehensive audit program/checklist for physical
security? I would want something that maps up to the PCI DSS standards
(although this â??dataâ? doesnâ??t process payment data it is highly sensitive
and thus meets the same security requirements). It isnâ??t a data centre

[ more ]  [ reply ]

Hi everyone,

We're glad to announce, that the new issue of PenTest Mag is out. As always
over 20 pages of teaser, including full article by Ed Skoudis to be
downloaded for free !

http://pentestmag.com/sql-injection-pentest-072011/

For all those, who want more - you should subscribe immediately

[ more ]  [ reply ]

Hi everyone

I'm receiving good feedback, bugs reports and suggestions. Keep
going... I did a new version of xTSCrack

Some new features:

+ Supported clients: Windows 2000, XP, Vista, 2003 and 7
+ Supported servers: Windows 2000, Windows XP, Windows 2003 and Windows 2008
+ Port field added;
+ Stop

[ more ]  [ reply ]

Hi everyone,

We're happy to announce that the sixth annual SANS AppSec Summit will be
held in Las Vegas, Nevada on April 30 - May 1, 2012.

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers

[ more ]  [ reply ]

Colleagues,

OWASP is currently soliciting training providers for the OWASP AppSec
DC 2012 regional conference that will take place at the Walter E.
Washington Convention Center (801 Mount Vernon Place NW Washington, DC
20001) on April 2nd through 5th of 2012.  The theme for this year's
conference i

[ more ]  [ reply ]

Hi everyone

I published at my blog a new tool called xSQLScanner. This program
allow the user audit MS-SQL and My-SQL servers.

Some features:

1 - 6 Vulnerability Audit options;
1.2 - Test for weak password fast;
1.3 - Test for wear/user passwords;
1.4 - Wordlist option;
1.5 5 - Userlist optio

[ more ]  [ reply ]

Hi,

Sorry, I think you misunderstood. I am looking for a company (or
contractor) that has recent, specific experience of testing a JIRA
installation for a potential short-term contract for a friend of mine.
I appreciate that I could DL and install or even mirror the
installation but he is hoping to

[ more ]  [ reply ]

Hello readers and welcome to issue #7.

It has been a long journey since the first release of the magazine and
we have seen a lot of changes and improvements overtime and still
trying our best to do more.

But as we grow, the amount of work and the time we need to spend
working on the magazine have

[ more ]  [ reply ]

All,

Is there anyone on this list with commercial JIRA pentest exposure?

Please email responses directly.

Thanks,

Bog

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potentia

[ more ]  [ reply ]

Hi guys

As I promised here the xTSCrack with bug fixed.
http://www.4shared.com/file/_ZLE5q9b/xtscrack-05.html

Soon 3 new tools. I need your feedback and bug reports pls.

Regards,

Rodrigo Matuck

------------------------------------------------------------------------

This list is sponsored by: I

[ more ]  [ reply ]

Hi

Everyone

I'm here to talk about 2 tools i posted in my blog. These tools was
created by me to help in penetration tests. Maybe can be useful for
you guys.

xTSCrack - Is a tool to assist the peneration tester find weak
passwords over RDP protocol (3389). Tested against Windows XP, 2003 e
2008.

[ more ]  [ reply ]

Colleagues,

Building on the success of AppSec DC 2010 and 2009, OWASP is pleased
to announce the next OWASP AppSec DC conference. The theme for this
year's conference is "OWASP - Not just webapps anymore" to reflect the
new and revised scope of OWASP to include all application security
issues inst

[ more ]  [ reply ]