Penetration Testing Mode:
(Page 8 of 638)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >
Backtrack 5 R2 priv escalation 0day found in CTF exercise 2012-04-11
Adam Behnke (adam infosecinstitute com)
wicd Privilege Escalation 0Day
Tested against Backtrack 5, 5 R2, Arch distributions

Spawns a root shell. Has not been tested for potential remote exploitation

Discovered by a student that wishes to remain anonymous in the course CTF.
This 0day exploit for Backtrack 5 R2 was discovered b

[ more ]  [ reply ]
44Con 2012 CFP - London 5th - 7th September 2012-04-10
Steve (steve 44con com)
The 2nd annual 44Con is going to be held in London in September, 2012.
We're looking for speakers, workshops and training courses to make the
event even bigger and better than last year. If you fancy an
accomodation and travel covered trip to London while it's still warm and
sunny, this is the e

[ more ]  [ reply ]
Shakacon CFP - Extended Deadline: April 13, 2012 2012-04-05
Shakacon (info shakacon org)
Thanks to everyone for all the submissions received and the committee is
evaluating them for selection. If you are on the fence about submitting
remember - All selected speakers will receive compensation to cover
Airfare and 2 hotel nights in Honolulu, Hawaii. Not to mention you get
to hang out w

[ more ]  [ reply ]
OWASP ZAP 1.4.0 released 2012-04-08
psiinon (psiinon gmail com)
Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugab

[ more ]  [ reply ]
[Tool update] - Gason: sqlmap plugin for burpsuite proxy 2012-04-09
cr0hn (dani madesyp com)
Dear all,

I just released a new version of Gason: A plugin to run sqlmap into

What's new?

- Bux fixes
- New GUI that allow you to run plugin stand alone, as a sqlmap GUI

Project page:



[ more ]  [ reply ]
Cheap Software Defined Radio 2012-04-04
Justin Rogosky (jrogosky gmail com)
Saw this slashdot article about repurposing a tv tuner card as a poor
mans software defined radio. Since it was on slashdot, I can assume the
discovery was made sometime in 2005 and only recently posted.

Links below are to the article and the actual site for the radio...


[ more ]  [ reply ]
how to calculate hmac for esp packet? 2012-04-04
Jun Yin (hansyin gmail com)
Hi, I'm trying to craft a esp packet for ipsec test, I try to use
python to create the hmac, I tried this:

>>> key1="11111111111111111111111111111111"
>>> msg="000001340000000b46e66a9853b58a94492be70c535a72d5994c3fe54a7c69e6a43

[ more ]  [ reply ]
Medusa 2.1 Release 2012-04-03
jmk (jmk foofus net)
Fellow Pen-Testers:

Medusa 2.1 is now available for public download.

This release does not introduce any major changes to the core of the
application. However, it does include two years worth of bug-fixes

[ more ]  [ reply ]
Hacking AutoUpdate by Injecting Fake Updates 2012-04-03
Adam Behnke (adam infosecinstitute com)
We all know that hackers are constantly trying to steal private information
by getting into the victim's system, either by exploiting the software
installed in the system or by some other means. By performing routine
updates for their software, consumers can protect themselves, patching known

[ more ]  [ reply ]
Windows Credentials Editor (WCE) v1.3beta 64bit release 2012-03-29
Amplia Security Research (research ampliasecurity com)
WCE (Windows Credentials Editor) v1.3beta 64bit released.

Download link:

Additional information:


This list is s

[ more ]  [ reply ]
Re: Time based Blind SQL injection 2012-03-29
Danux (danuxx gmail com) (1 replies)
Hi Yiannis,

The intent was to share a script as a result of a pen-test, since when
I was trying to use sqlmap and sqlninja does tools did not work for
me, and I was spending more time trying to figure out how to make them
work (possibly due to the lack of expertise on those tools). I did not
find a

[ more ]  [ reply ]
Re: Time based Blind SQL injection 2012-03-29
Yiannis Koukouras (ikoukouras gmail com) (1 replies)
Re: Time based Blind SQL injection 2012-03-30
martin mngoma gmail com (1 replies)
Re: Time based Blind SQL injection 2012-03-30
Danux (danuxx gmail com)
Pentesting on databases? 2012-03-21
stayp0s (stayp0s sec gmail com) (4 replies)
Hi list,

I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?

Thank you!


This list is sponsored by: Information Assurance Cert

[ more ]  [ reply ]
Re: Pentesting on databases? 2012-03-21
Danux (danuxx gmail com)
RE: Pentesting on databases? 2012-03-21
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? 2012-03-21
Ramiro Caire (ramiro caire gmail com)
Re: Pentesting on databases? 2012-03-21
Eric Schultz (fire0088 gmail com) (2 replies)
RE: Pentesting on databases? 2012-03-21
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? 2012-03-21
Ahmed S. Shibani (sheipani gmail com)
Time based Blind SQL injection 2012-03-13
Danux (danuxx gmail com) (1 replies)
Nothing new, just a different approach to automated the process of
blind injection based on time.

Hope you find it useful.



This list is sponso

[ more ]  [ reply ]
Re: Time based Blind SQL injection 2012-03-29
Yiannis Koukouras (ikoukouras gmail com)
Windows Credentials Editor (WCE) v1.3beta 32bit release 2012-03-09
Amplia Security Research (research ampliasecurity com) (1 replies)
WCE v1.3beta 32bit released.

Download link:


version 1.3beta:
March 8, 2012
* Bug fixes
* Extended support to obtain NTLM hashes without code injection
* Added feature to dump login cleartext passwords stored by the Digest

[ more ]  [ reply ]
Re: Windows Credentials Editor (WCE) v1.3beta 32bit release 2012-03-10
Jeffrey Walton (noloader gmail com)
[HITB-Announce] HITB2012AMS SIGINT - Call for Submissions 2012-03-08
Hafez Kamal (aphesz hackinthebox org)
This is a call for submissions for the HITB SIGINT sessions at
HITB2012AMS - The third annual HITB conference in Amsterdam taking place
at the Okura from the 21st - 25th of May.

The HITB SIGINT (Signal Intelligence/Interrupt) sessions are designed to
provide a quick 15 - 30 minute overview for mate

[ more ]  [ reply ]
What They Don't Teach You in "Thinking Like the Enemy" Classes 2012-03-06
Pete Herzog (lists isecom org)
For those of you who are interested in taking a security class that
promises to teach you ethical hacking and how to think like the enemy,
let me save you some time and money on what you will learn:

[ more ]  [ reply ]
Cookie based SQL Injection 2012-03-06
Adam Behnke (adam infosecinstitute com)

All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values â??â??can be found in the environment variables. The GET and POST parameters are typically entered

[ more ]  [ reply ]
(Page 8 of 638)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >


Privacy Statement
Copyright 2010, SecurityFocus