Penetration Testing Mode:
(Page 5 of 638)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Oracle Application Express / Password hashes 2013-02-20
Guillaume Lopes (isec gls gmail com)
Hello all,

I have to crack password hashes from an Oracle application (APEX). The
version is APEX 4.0.

I have found documentation saying that password hashes are the
concatenation of the username, the password and the security groupd id
since APEX 3.0.

Do you know a tool or another way to retriev

[ more ]  [ reply ]
Choosing an Independent Penetration Testing Firm 2013-02-07
Remi Broemeling (remi broemeling org) (4 replies)
Hi all,

I'm currently in the process of sizing up/comparing various
Penetration Testing firms, and am having a bit of trouble finding
distinguishing characteristics between them. I've looked at a fair
few, but they all seem to offer very similar services with little to
recommend one over another.

[ more ]  [ reply ]
Re: Choosing an Independent Penetration Testing Firm 2013-02-07
Eric Schultz (fire0088 gmail com)
Re: Choosing an Independent Penetration Testing Firm 2013-02-07
Owen Connolly (ojconnolly gmail com)
Re: Choosing an Independent Penetration Testing Firm 2013-02-07
Anders Thulin (anders thulin sentor se)
Re: Choosing an Independent Penetration Testing Firm 2013-02-07
Justin Rogosky (jrogosky gmail com) (1 replies)
Re: Choosing an Independent Penetration Testing Firm 2013-02-07
Sergey Soldatov (votadlos gmail com)
OWASP Zed Attack Proxy 2.0.0 2013-01-30
psiinon (psiinon gmail com)
Hi folks,

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated
penetration testing tool for finding vulnerabilities in web

It is designed to be used by people with a wide range of security
experience and as such is ideal for developers and functional testers
who are new to p

[ more ]  [ reply ]
[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb 2013-01-22
Hafez Kamal (aphesz hackinthebox org)
Happy belated 2013 everyone! This is a gentle reminder that the The
Call for Papers for #HITB2013AMS (the fourth annual HITBSecConf in
Amsterdam) closes on the 8th of February. We're looking for talks that
are highly technical, but most importantly, material which is new and
cutting edge. In short,

[ more ]  [ reply ]
SAP ERP Audits 2013-01-08
cribbar (crib bar hotmail co uk)

If any of you utilise SAP ERP (ECC6 specifically) applications in your
network, or if you have come up against them in your external assessments,
are there any common vulnerabilities you come across which you could detail
or would recommend looking ojut for? Also to check for weak or default

[ more ]  [ reply ]
ShakaCon 2013 - Call for Papers 2013-01-02
Shakacon (info shakacon org)
Shakacon IV - Honolulu Hawaii

"Sun, Surf, and C Shells"


Who: Shakacon Crew
What: Shakacon IV
When: June 25-28 2013
Where: Paradise -

[ more ]  [ reply ]
[TOOL] Topera: invisible IPv6 scanner to Snort 2012-12-09
cr0hn (dani madesyp com)

We have just released, and uploaded to google code, the tool "Topera". It is a tool that Rafa Sanchez and me (cr0hn) present at security II conferences "Navaja Negra" ("Black Knife" in english) in Albacete, Spain.

The peculiarity of "Topera" is that it is capable to do IPv6 scanning that ar

[ more ]  [ reply ]
Fwd: winAUTOPWN v3.2 Released 2012-12-04
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.3

About winAUTOPWN:

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring
sensors/softwares.Autohack your targets - even if you have consumed and holding

[ more ]  [ reply ]
Re: nmap in Virtualbox weirdness 2012-11-10
Andy Meyers (andy meyers hushmail com)
What are the specs on your host machine? I'm thinking it may be a resource problem.

Bog Witch <iambogwitch (at) gmail (dot) com [email concealed]> wrote:

>Hi All,
>The setup:
>Host: Ubuntu 12.04 / 12.10
>Virtualbox Guest: Ubuntu 12.04 / 12.10
>The issue:
>From the guest OS, running nmap with anything greater than T2, t

[ more ]  [ reply ]
nmap in Virtualbox weirdness 2012-11-10
Bog Witch (iambogwitch gmail com) (1 replies)
Hi All,

The setup:
Host: Ubuntu 12.04 / 12.10
Virtualbox Guest: Ubuntu 12.04 / 12.10

The issue:

From the guest OS, running nmap with anything greater than T2, the NIC
becomes 'stuck' a simultaneous ping of a local box will start
reporting 'Destination host unreachable'
If the nmap scan is set abo

[ more ]  [ reply ]
Re: nmap in Virtualbox weirdness 2012-11-10
Jon Kibler (jon r kibler gmail com)
TXDNS v2.2.1 released 2012-11-05
Arley Silveira (arleybls hotmail com)
TXDNS v 2.2.1 is out and available to download from
Some new features:
* You can now rotate country code second level domains (ccSLD) along with TLDs:
* You can now indicate a start point to the brute force algorithm:
  --start-at xyz;
* Option to force resolve

[ more ]  [ reply ]
[HITB-Announce] #HITB2013AMS Call For Papers Now Open 2012-11-05
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the fourth annual HITBSecConf in Europe is now
open! Taking place on the 8th till 11th of April at the Okura Hotel, Amsterdam, #HITB2013AMS will be a triple track conference (with HITB Labs) and features keynotes by Eddie Schwartz, Chief Information Security Officer at RSA an

[ more ]  [ reply ]
Burp Suite Free Edition v1.5 released 2012-11-02
PortSwigger support (support portswigger net)
Burp Suite Free Edition v1.5 is now available to download from

This is a significant upgrade with a wealth of new features added since
v1.4, most notably:

* Completely new user interface with numerous usability enhancements.

* Several new Proxy listener options, to deal wi

[ more ]  [ reply ]
Bypassing WAF via HTTP Pollution 2012-10-03
Danux (danuxx gmail com)
By playing CSAW CTF you always learn something new (at least myself).

Hope you enjoy it:



This list is sponsored by: Information Assurance Ce

[ more ]  [ reply ]
winAUTOPWN v3.2 Released 2012-10-03
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.2

A complete list of all Exploits in winAUTOPWN is available inside MISC\CHANGELOG.TXT
A complete list of User Interface changes is available in MISC\UI_CHANGES.txt

BSDAUTOPWN has been compiled, like always for various flavour

[ more ]  [ reply ]
Arachni v0.4.1 has been released (Open Source Web Application Security Scanner Framework) 2012-10-03
Tasos Laskos (tasos laskos gmail com)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application
Security Scanner Framework written in Ruby.

The change-log is quite sizable but the gist is:
* License change, Apache License v2.
* Additio

[ more ]  [ reply ]
[Onapsis Research Labs] New Onapsis Bizploit release 2012-09-27
Onapsis Research Labs (research onapsis com)
Hash: SHA1

Dear colleague,

We?re happy to announce the release of a new version of Onapsis Bizploit - the open-source ERP Penetration Testing framework.
Bizploit is a free command-line application to perform proof-of-concept penetration tests of the technical lay

[ more ]  [ reply ]
MagicTree 1.2 released 2012-09-27
Alla Bezroutchko (alla gremwell com)
MagicTree 1.2 is released and available for download at

MagicTree is data management tool for penetration testers. It allows
bringing together data from different sources, analyzing and re-using it
and generating custom reports.

New features in this release:


[ more ]  [ reply ]
Fuzzing Like A Boss with Pythonect 2012-09-17
Itzik Kotler (xorninja gmail com)
Hi All,

I wanted to share with you a post I wrote about how to fuzz with Pythonect:

Pythonect is a new, experimental, general-purpose dataflow programming
language based on Python.

It aims to combine the intuitive feel of shel

[ more ]  [ reply ]
[Onapsis Research Labs] New SAP Security In-Depth issue: "Securing the Gate to the Kingdom: Auditing the SAProuter" 2012-09-13
Onapsis Research Labs (research onapsis com)
Hash: SHA1

Dear colleague,

We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.

SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current

[ more ]  [ reply ]
[Rooted CON 2013] CFP starts! 2012-09-05
Román Ramírez (rramirez rootedcon es) (1 replies)
Hash: SHA1

Hello all,

Here you've attached all the necessary information for any potential
speakers willing to have a talk at Rooted CON 2013.

Kind regards to all and thanks in advance

______ _ _ ____ ___ _ _
/ / _ \ ___ ___

[ more ]  [ reply ]
Hack3rCon 2012-09-14
Justin Rogosky (jrogosky gmail com)
nullcon Goa 2013 Call For Papers/Events 2012-09-05
nullcon (nullcon nullcon net)

Hello! Aloha! Namaskar! Ni Hau! Guten Tag! Privet! Salam-wale-kum!
Hej! Ahoj! Bonjour! Terve! Ciao! Konnichiva! Selamat! Barev! Jum Reap
Sour! Selamat! ahnnyeong ha se yo! Salvete! Moien! Selamat datang!
Bonswa! sain baina uu! K

[ more ]  [ reply ]
WebApp Pentest: Tool-Chain / Best Practice 2012-08-27
André Schaller (an schall googlemail com)
Hey there,

I know there are a lot of guidelines on how to perform a decent web
application pentest (like the owasp guide). However, most of these
documents give recommendations regarding the things that need to be
investigated and the tools to use at which stage in the process.
From a business poin

[ more ]  [ reply ]
(Page 5 of 638)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


Privacy Statement
Copyright 2010, SecurityFocus