Penetration Testing Mode:
(Page 4 of 637)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
nmap in Virtualbox weirdness 2012-11-10
Bog Witch (iambogwitch gmail com)
Hi All,

The setup:
Host: Ubuntu 12.04 / 12.10
Virtualbox Guest: Ubuntu 12.04 / 12.10

The issue:

From the guest OS, running nmap with anything greater than T2, the NIC
becomes 'stuck' a simultaneous ping of a local box will start
reporting 'Destination host unreachable'
If the nmap scan is set abo

[ more ]  [ reply ]
TXDNS v2.2.1 released 2012-11-05
Arley Silveira (arleybls hotmail com)
TXDNS v 2.2.1 is out and available to download from
http://txdns.net/
 
Some new features:
 
* You can now rotate country code second level domains (ccSLD) along with TLDs:
  --inc-sld;
 
* You can now indicate a start point to the brute force algorithm:
  --start-at xyz;
 
* Option to force resolve

[ more ]  [ reply ]
[HITB-Announce] #HITB2013AMS Call For Papers Now Open 2012-11-05
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the fourth annual HITBSecConf in Europe is now
open! Taking place on the 8th till 11th of April at the Okura Hotel, Amsterdam, #HITB2013AMS will be a triple track conference (with HITB Labs) and features keynotes by Eddie Schwartz, Chief Information Security Officer at RSA an

[ more ]  [ reply ]
Burp Suite Free Edition v1.5 released 2012-11-02
PortSwigger support (support portswigger net)
Burp Suite Free Edition v1.5 is now available to download from
http://portswigger.net/

This is a significant upgrade with a wealth of new features added since
v1.4, most notably:

* Completely new user interface with numerous usability enhancements.

* Several new Proxy listener options, to deal wi

[ more ]  [ reply ]
Bypassing WAF via HTTP Pollution 2012-10-03
Danux (danuxx gmail com)
By playing CSAW CTF you always learn something new (at least myself).

Hope you enjoy it:

http://danuxx.blogspot.com/2012/10/bypassing-waf-via-http-parameter.html

--
DanUx

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Ce

[ more ]  [ reply ]
winAUTOPWN v3.2 Released 2012-10-03
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.2

A complete list of all Exploits in winAUTOPWN is available inside MISC\CHANGELOG.TXT
A complete list of User Interface changes is available in MISC\UI_CHANGES.txt

BSDAUTOPWN has been compiled, like always for various flavour

[ more ]  [ reply ]
Arachni v0.4.1 has been released (Open Source Web Application Security Scanner Framework) 2012-10-03
Tasos Laskos (tasos laskos gmail com)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application
Security Scanner Framework written in Ruby.

The change-log is quite sizable but the gist is:
* License change, Apache License v2.
* Additio

[ more ]  [ reply ]
[Onapsis Research Labs] New Onapsis Bizploit release 2012-09-27
Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleague,

We?re happy to announce the release of a new version of Onapsis Bizploit - the open-source ERP Penetration Testing framework.
Bizploit is a free command-line application to perform proof-of-concept penetration tests of the technical lay

[ more ]  [ reply ]
MagicTree 1.2 released 2012-09-27
Alla Bezroutchko (alla gremwell com)
MagicTree 1.2 is released and available for download at
http://www.gremwell.com/download

MagicTree is data management tool for penetration testers. It allows
bringing together data from different sources, analyzing and re-using it
and generating custom reports.

New features in this release:

*

[ more ]  [ reply ]
Fuzzing Like A Boss with Pythonect 2012-09-17
Itzik Kotler (xorninja gmail com)
Hi All,

I wanted to share with you a post I wrote about how to fuzz with Pythonect:

http://blog.ikotler.org/2012/09/fuzzing-like-boss-with-pythonect.html

Pythonect is a new, experimental, general-purpose dataflow programming
language based on Python.

It aims to combine the intuitive feel of shel

[ more ]  [ reply ]
[Onapsis Research Labs] New SAP Security In-Depth issue: "Securing the Gate to the Kingdom: Auditing the SAProuter" 2012-09-13
Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleague,

We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.

SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current

[ more ]  [ reply ]
[Rooted CON 2013] CFP starts! 2012-09-05
Román Ramírez (rramirez rootedcon es) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

Here you've attached all the necessary information for any potential
speakers willing to have a talk at Rooted CON 2013.

Kind regards to all and thanks in advance

______ _ _ ____ ___ _ _
/ / _ \ ___ ___

[ more ]  [ reply ]
Hack3rCon 2012-09-14
Justin Rogosky (jrogosky gmail com)
nullcon Goa 2013 Call For Papers/Events 2012-09-05
nullcon (nullcon nullcon net)
CALL FOR PAPERS/EVENTS
IDEATE, INVENT, INNOVATE
++++++++++++++++++++++

Hello! Aloha! Namaskar! Ni Hau! Guten Tag! Privet! Salam-wale-kum!
Hej! Ahoj! Bonjour! Terve! Ciao! Konnichiva! Selamat! Barev! Jum Reap
Sour! Selamat! ahnnyeong ha se yo! Salvete! Moien! Selamat datang!
Bonswa! sain baina uu! K

[ more ]  [ reply ]
WebApp Pentest: Tool-Chain / Best Practice 2012-08-27
André Schaller (an schall googlemail com)
Hey there,

I know there are a lot of guidelines on how to perform a decent web
application pentest (like the owasp guide). However, most of these
documents give recommendations regarding the things that need to be
investigated and the tools to use at which stage in the process.
From a business poin

[ more ]  [ reply ]
OISSG 2012-08-23
sagat boxnotes net
Anyone know what happened to the project OISSG?

I can not access the site a few days ago already.

www.oissg.org

Att ..

Sagat

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and

[ more ]  [ reply ]
iKAT 2012 Release - Interactive Kiosk Attack Tool 2012-08-12
Paul Craig (paul ha cked net)
iKAT 2012 - Interactive Kiosk Attack Tool
Beating Heart Edition
-----------------------------------------------------------------

It is with great pleasure that i would like to release this years
edition of iKAT - The Interactive Kiosk Attack Tool.
http://ikat.ha.cked.net

*.ha.cked.n

[ more ]  [ reply ]
[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions 2012-08-09
Hafez Kamal (aphesz hackinthebox org)
This is a call for article submissions for Issue 009 of HITB's quarterly
magazine - http://magazine.hitb.org/ which will be released alongside
#HITB2012KUL - The 10 year anniversary of the HITB Security Conference
series in Malaysia.

HITB Magazine is a deep-knowledge technical publication and we ar

[ more ]  [ reply ]
ZeroNights 2012 in Russia. CFP Now Open! 2012-07-31
Alexey GreenDog Tyurin (agrrrdog gmail com)
ZeroNights 2012, 19-20 November, Moscow, Russia (www.zeronights.org)

Call for papers // http://2012.zeronights.org/request

If you wish to share your experience, knowledge and skills, it is
easy: send us the description of your paper and the desired
presentation format. Our program committee (https

[ more ]  [ reply ]
Stealing Wireless Password with fake ap 2012-07-19
Mat TimeofWheel (matanddie gmail com) (1 replies)
Hi everyone;

I have an interesting (at least for me) question.

ESSID of my real AP is test
BSSID of my real AP: 1F:X:X:X:X:X
Password of my real AP: 12345678 (WPA2)

I have created a fake AP with ESSID test and BSSID 1F:X:X:X:X:X

1. From my netbook, i first connected to my real AP and i can c

[ more ]  [ reply ]
Re: Stealing Wireless Password with fake ap 2012-07-19
Nathan V (nathan v gmail com)
confidentiality agreement 2012-07-10
Daniel Calvo Castro (daniel calvo kernelsecurity es) (1 replies)
Hi all list,

I would ask to pentesters if someone could send me or point me to get
a good Spanish confidentiality agreement model between the parties,
client and company to perform a pentest.

Thanks in advance,

Cheers !

------------------------------------------------------------------------

T

[ more ]  [ reply ]
Re: confidentiality agreement 2012-07-11
Juan F. Campos - Computalleres.com (jfcampos computalleres com)
Malicious Code Execution in PCI Expansion ROM 2012-07-02
Adam Behnke (adam infosecinstitute com)
The malicious code in x86/x64 firmware can potentially reside in many
places. One of them is in the PCI expansion ROM. In the past, the small
amount of memory during PCI expansion ROM execution acted as a hindrance to
malicious code. The limited space for code and data limited the possible
tasks tha

[ more ]  [ reply ]
Reconfiguring cmdshell 2012-06-30
Smiling Buddha (smilngbuddha gmail com) (2 replies)
Hi,

I am on a pentest assignment and have encountered an sql injection
vulnerability with an SQL Server 2005 in the background, complete with
dbo level access. I have successfully retrieved DB values and have
already presented as evidence. Now, i am directed to take the attack
to the next level and

[ more ]  [ reply ]
Re: Reconfiguring cmdshell 2012-07-02
Yiannis Koukouras (ikoukouras gmail com)
Re: Reconfiguring cmdshell 2012-07-01
596 (infosecurity email gmail com)
AW: (In)Secure Citrix Configs 2012-06-29
!s3grim (persephane gmx eu)
Hi Lefteris,

this is an amazing, a nice bunch of links. Seems I'll have some nice reading
time and some cups of coffee to get through all of them.
Thanks alot, to you and also to all other, too.

!s3grim

________________________________

Von: lefteris panos [mailto:lefterispanos (at) gmail (dot) com [email concealed]]
Gese

[ more ]  [ reply ]
(Page 4 of 637)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus