LFI with limitation
2010-05-21 Jacky Jack (jacksonsmth698 gmail com) (2 replies)
Hi A URL is vulnerable to LFI but it's removing/stripping null character. So, are there any ways to bypass it?
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employ

OSSTMM 3 based Home Security Vacation Guide v.2!
2010-05-20 Pete Herzog (lists isecom org)
Summer vacation's coming so don't forget to check out the Home Security Methodology Vacation Guide at http://www.isecom.org/hsm/ Version 1.2 is available! It's based on OSSTMM 3. I'm sure a more thorough or accurate checklist exists! Enjoy! Sincerely, -pete. -- Pete Herzog - Managing Directo

[HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers
2010-05-20 Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for HITB Security Conference 2010 Malaysia is now open! Talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Submissions are due no later than 9th August 2010. HITB

Mastering Trust in Security Assessments
2010-05-20 Pete Herzog (lists isecom org)
Hi, ISECOM has been working on improving and replacing risk analysis, assessments and management with trust. Our research has shown dramatic improvements from using a trust model based on fact over risk models. OSSTMM 3 (www.osstm.org) outlines much of this already and I am beginning to address

Juniper Secure Access - Mask hostnames while browsing
2010-05-19 Agazzini Maurizio (inode mediaservice net)
Dear List, during my last pentest I encountered a Juniper Secure Access with the "Mask hostnames while browsing" feature enabled. I developed a little tool to encode/decode this kind of parameter (it's a simple circular queue). You can find the code here: http://lab.mediaservice.net/code.php#jun

The New ISO Hacking Standard
2010-05-19 Pete Herzog (lists isecom org)
The security community may be interested in this: The New ISO Hacking Standard New York, May 17, 2010 -- The world's national standards bodies met again during April, this time in Malaka, Malaysia and they extended talks about the Open Source Security Testing Methodology Manual. This ultimate

Re: OT: the detection of illegal gateways
2010-05-18 Zack Payton (zpayton gmail com) (1 replies)
Sorry, I hit send too early. Off the top I can think of several techniques that may be of use. I don't have any experience with IP Sonar so I'm of no help regarding that. 1. A simple way could be to use SNMP to poll all of your switches and look for OUI codes in the CAM tables of well known router

WRT120N
2010-05-17 Yered Céspedes (yered yeredsoft com) (2 replies)
Hi all Does anyone have knowledge of any vulnerability for the Linksys WRT120N (firmware v1.0.01)? I've been looking around with not much luck. Thanks & regards -- Yered Céspedes

OT: the detection of illegal gateways
2010-05-17 J Hein (j hein ymail com) (4 replies)
hi all, this post might be somewhat off-topic, so please accept my apologies first. I have a somewhat difficult problem to crack - there is a large corporate network which covers several Nordic countries, and unfortunately there have been cases in the past where a device with routing capability has

Re: CVE Security vulnerability database web site
2010-05-14 Serkan Özkan (serkanozkan gmail com) (1 replies)
Hi again, I added related metasploit modules pages for vendors, products and versions. For example you can view list of metasploit modules related to mac os x, sample here : http://securityvulnerability.net/metasploit-modules.php?product_id=156 I added list of related metasploit modules to the botto

Re: CVE Security vulnerability database web site
2010-05-18 Josh (joshmunson gmail com) (1 replies)

Re: CVE Security vulnerability database web site
2010-05-21 YGN Ethical Hacker Group (lists yehg net)

Security Awareness for Kids
2010-05-18 Pete Herzog (lists isecom org)
Hi, Introducing: http://www.badpeopleproject.org Security as it's taught to children is a mess. They get rules for everything, more than anyone should have to memorize, and the rules unfortunately hardly overlap from real world security to cybersecurity. We want to fix that and we need your hel

Re: CVE Security vulnerability database web site
2010-05-11 Serkan Özkan (serkanozkan gmail com)
> Cool. Whatever. Somebody needs to map vulns to exploits more easily.
> Something like
> http://www.metasploit.com/modules/
> But for this and other exploit databases (and map to/from CVE, etc).
I tried to simply mark references to exploits. See sample here : http://www.cvedetails.com/cve-details.

CVE Security vulnerability database web site
2010-05-09 Serkan Özkan (serkanozkan gmail com) (1 replies)
Hi all, After suffering the pain of searching for security vulnerabilities for years as a security consultant, I created a web site using CVE data published by NVD. You can use either http://www.cvedetails.com or http://www.securityvulnerability.net address, whichever you like. It is more than a
We have just released the updated STAR, Attack Surface Metrics
calculation sheets, and the rav formula!
As part of certain requirements towards compliance, more and more Euro
companies (so far in France, Germany, Italy, and Switzerland) have
begun getting their infrastructure's attack surfa