After a slight delay, we are pleased to announce that Issue 006 of the
HITB Magazine is now available for download (PDF)! (The slight delay was
to allow us to bring you some post conference coverage!)

http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf

We've got loads of awesome conte

[ more ]  [ reply ]

A couple of weeks ago I asked you to fill out a questionnaire about
penetration testing definitions, standards, methods and reporting.
Thank you for your cooperation. If you haven't done so, you are still
welcome to fill out the questionnaire at
http://www.hacktoolrepository.com/article/14/Results%2

[ more ]  [ reply ]

Check these two out...

Slowloris - http://en.wikipedia.org/wiki/Slowloris
HOIC - http://hoic.99k.org

On Tue, Jun 7, 2011 at 11:40 PM, ShiYih Lye <shiyih.lye (at) my.offgamers (dot) com [email concealed]> wrote:
> Hi guys,
>
> We are testing the dos protection mechanism of our web server, and
> we're using 'apache benchmark',

[ more ]  [ reply ]

Hi guys,

We are testing the dos protection mechanism of our web server, and
we're using 'apache benchmark', ab for that purpose (httpd version is
2.2.3 in Centos 5) from the pentest machine. But it is not able to go
to a higher concurrent hits, so I'm wonder do you have any better or
more comprehen

[ more ]  [ reply ]

Hi everyone and greetings from Netherlands!

We're finally done with the epicness that was HITB2011AMS! Over 300
attendees and 45 speakers joined us for 2 days of trainings and a 2 day
quad-track conference and it was a blast as always!

Presentation materials can be downloaded from:
http://conferen

[ more ]  [ reply ]

Hello fellow pen-testers,

I've recently encountered a HP/UX Box in a penetration test. Now I've been searching for materials on HP/UX as it is (over here) not a common system to encounter.

All I've found on public search engines were links to exploits from < 2001. Have I just not searched thorough

[ more ]  [ reply ]

Hi all,

MysqlPasswordAuditor is the FREE tool to Recover or Audit Mysql
passwords. It can support both local as well as remote Mysql server.

In addition to recovering your lost/forgotten passwords, it can also
help you to audit Mysql database server setup in an corporate
environment by discovering

[ more ]  [ reply ]

Thank you all for valuable your inputs.

/--
Regards
Vimal

On Mon, May 23, 2011 at 8:52 PM, Eduardo Ramos <eduardo (at) ibtelecom.net (dot) br [email concealed]> wrote:
>
> Hi,
>
>
> On Sun, May 22, 2011 at 4:32 AM, Vimal? <avvimalkumar (at) gmail (dot) com [email concealed]> wrote:
>>
>> Hi List,
>>
>> I am trying to fingerprint the OS of a remote

[ more ]  [ reply ]

Hi all,

I need a hint/idea here.

After I launched a penetration testing attack from Internet, I could
disclose the internal IP address. What would be the attack after I
knew the internal IP address? How do I access directly to this machine
with internal IP address?

--
Zaki Akhmad

--------------

[ more ]  [ reply ]

Hi guys,

This is just to let you know that there's a new version of Arachni.

Arachni is a high-performance (Open Source) Web Application Security
Scanner Framework written in Ruby.

The main focus of this release has been on distributed deployment and
bugfixing.

Main additions include the updat

[ more ]  [ reply ]

Hi List,

I am trying to fingerprint the OS of a remote DNS server (Using ICMP and TCP).

nmap result shows Linux Kernel 2.6
Only Port 53 (UDP and TCP) is open.

http://www.securitypronews.com/securitypronews-24-20030929OSFingerprinti
ngwithICMP.html
http://nmap.org/nmap-fingerprinting-old.html -

[ more ]  [ reply ]