(In)Secure Citrix Configs
2012-06-28 !s3grim (persephane gmx eu)
Hi guys, does anyone know any resources about the security of citrix environments? Anything like the basic security model, like configuration places and usual 'misconfigurations'? Maybe there is also a hardening guide or something about config caveats? I'd appreciate any useful information. !s

Re: web form filling bots
2012-06-28 TAS (p0wnsauc3 gmail com)
Burp Suite should help.
- TAS http://twitter.com/p0wnsauc3
-----Original Message-----
From: Anwar Khan <anwarrhce (at) gmail (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Thu, 28 Jun 2012 21:47:51
To: <security-basics (at) securityfocus (dot) com [email concealed]>; <pen-test (at) securityfocus (dot) com [email concealed]>
Subject: web form f

web form filling bots
2012-06-28 Anwar Khan (anwarrhce gmail com)
Dear All, Can anyone please suggest any web form filling tool, which automates the form filling process and writes bogus entries. I have a website which I want to test against this, I just want to see how things work without captcha, if I rely on POST and Connect. Please suggest any tool or script.

[Tool update] UCSniff 3.20 is released
2012-06-19 Mostyn, William Thomas (Tom) (tmostyn viperlab net)
UCSniff 3.20 IP Video sniffer is released http://ucsniff.sourceforge.net
NEW DEVELOPMENTS IN UCSNIFF 3.20:
* Added support for Ubuntu 12.04
* Realtime Video monitoring using latest libvlc library (2.0.1 - Twoflower)
* Support for iSAC audio codec from Google's WebRTC
* Added support for Cisco 9971

was SharePoint Audit Bruteforce
2012-06-10 Jerome Athias (athiasjerome gmail com)
https://github.com/blackfoundry/shareforce
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test.

Scanner & BaseLine Report Diff?
2012-06-07 D G (dege sv gmail com) (1 replies)
Hi guys! I am looking for a product/solution that can help me with an external IP/Resource scan for ports, vulnerabilities and resource identification. I don't really have the time to make it in Python with Nmap etc. I need a solid product that I don't have to maintain. The big trick is to get thi

Re: Scanner & BaseLine Report Diff?
2012-06-09 Anthony Cicalla (anthony cicalla gmail com) (3 replies)

EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15
2012-06-05 Dragos Ruiu (dr kyx net)
EUSecWest 2012, Amsterdam, September 19/20, Featuring Mobile PWN2OWN
CALL FOR PAPERS - Deadline June 15 2012
AMSTERDAM, Nederland -- The seventh annual EUSecWest applied technical security conference - where the eminent figures in the international security industry get together share b

Re: Info about attack trees
2012-05-25 Federico De Meo (demeof gmail com)
Thank you very much. You give me some interesting starting points. Hope this can lead me to something :) I have a question about the "Exploiting software" book. I made a search and found on amazon "Exploiting software how to break code" by Greg Hoglund and Gary McGraw is it the correct one? I would

Re: Securing Citrix
2012-05-25 Paul Craig (paul ha cked net)
Ok, as a pen-tester who has spent a fair amount of time breaking Citrix, and as the author of iKAT (which seems to always get used to break Citrix), I thought it would only be fair to offer my 10cents, and suggestions for securing Citrix. Securing Citrix installations really comes down to defense

Info about attack trees
2012-05-24 Federico De Meo (demeof gmail com) (1 replies)
Hello everybody, I'm new to this mailing list and to pen-testing. I'm here to learn and I'm starting with a question :) I'm looking for some information about attack trees usage in web application analysis. For my master thesis I decided to study the usage of this formalism in order to represent a

Re: Securing Citrix
2012-05-23 Marco Ivaldi (raptor mediaservice net) (1 replies)
Adrian,
On Wed, 16 May 2012, Adrián Puente Z. wrote:
> Hi everyone!
>
> I am looking for a good reference to secure a Citrix server to avoid a user
> to gain access to the operating system. So far I have some ideas like
> restricting the execution of the cmd.exe and (maybe) expl

Securing Citrix
2012-05-16 Adrián Puente Z. (seclists hackarandas com)
Hi everyone! I am looking for a good reference to secure a Citrix server to avoid a user to gain access to the operating system. So far I have some ideas like restricting the execution of the cmd.exe and (maybe) explorer.exe from with a group policy in the domain. If you know about any document I

sslcaudit 1.0 released
2012-05-11 Alexandre Bezroutchko (abb gremwell com)
Hello, I would like to announce the release of sslcaudit 1.0. The goal of sslcaudit project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. It is useful for testing thick clients, mobile applications, appliances, pretty much anything communicating

Question of Likelihood
2012-05-14 Pen Testar (pentestar ymail com) (2 replies)
I'm testing an app with sensitive information that is full of holes. Reflected and persisted XSS, CSRF, various injection attacks… you name it. You also have a bunch of vulns that aren't typically of high likelihood, but in the presence of the other vulns above (I'll call them the "enabli

A survey on web application attacks
2012-05-10 Hannes Holm (Hannes Holm ics kth se)
Hi pen-test subscribers, I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAFs) and would be glad if you could spare a few minutes of your time to answer a survey on the topic. By completing this survey you will:
* Help build valuable do

Announce: Italian Hacker Game Cracca al Tesoro - Crack A Treasure
2012-05-03 Aspy (aspy solution it)
It is the 6th edition of the game. It's very much like a treasure hunt but more... high tech! The team need to find five hidden access point within a city, crack them, then find the servers behind them, hack them to find clues to the next target ... Next date: Genoa, Italy, May 12 Joining is

nullcon Delhi 2012 Call for Paper/Call for Event
2012-05-02 nullcon (nullcon nullcon net)
Hi All, For the very first time nullcon now comes to Delhi - to showcase cutting edge security technologies and discuss new attack vectors and security threats among the Corporate world and the Government sector. The event brings together thought leaders, Corporates, Government and security profess

xSQL Scanner 1.6 - Released
2012-04-30 Rodrigo Matuck (rodrigomatuck globo com)
Hi Everyone
New version of xSQL Scanner is available with following features:
- PostgreSQL support added;
- SQL PortScan updated;
- Exceptions fixed;
- Progressbar bug fixed;
- MSSQL 7 DoS module added.
- MSSQL Empty password exploit module added.
- Session support added
- Visual modified
- Minor

[Tool update] VoIP Hopper 2.04 released
2012-04-29 Jason Ostrom (justiceguy pobox com)
VoIP Hopper 2.04 security tool is released: http://voiphopper.sourceforge.net
New Avaya, Alcatel-Lucent, and LLDP-MED spoofing support. Thanks to Nicolas Roux of France for his Alcatel source contribution and debugging help. The Alcatel support has only been partially tested on a production netw

Anti-fingerprinting techniques
2012-04-25 cr0hn (dani madesyp com)
Hello everybody! I just released the slides of a course about anti-fingerprinting techniques. The course talks about:
* A brief introduction of FreeBSD.
* How fingerprinting works.
* How to defeat the fingerprinting test.
* Practical examples to evade the test for some services:
  + Web server.
  + FTP
http://userscripts.org/scripts/review/39313
Regards,
Sandeep
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Rob
Sent: Thursday, June 28, 2012 10:22 PM
To: Anwar Khan; listbounce (at) securityfocus (dot) com [email concealed];
security-basics@secur