Penetration Testing
CFP for first independent international Security Conference in Russia - ZeroNights (by Defcon-Russia) 2011-09-16
Alexandr Polyakov (alexandr polyakov dsec ru)


http://zeronights.org/request

Saint-Petersburg, Russia, 25th of November
The CFP consists of 2 steps

Participation requests for the first step are accepted until 20.09.11
The program committee's decision about the first part of speakers will be available on 30.09.11

Participation requests admission of

NetworkMiner 1.1 released on SourceForge! 2011-09-15
Erik Hjelmvik (erik hjelmvik gmail com)
Your favourite Windows packet analyzer/sniffer NetworkMiner has now
been upgraded to version 1.1.

The new version supports features such as:
* Extraction of Google Analytics data
* Better parsing of SMB data
* Support for PPP frames
* Even more stable than the 1.0 release

You can read more about t

Linux Targets in a Windows Domain 2011-09-13
Doyle, Jason (10090) (jason doyle protiviti com) (1 replies)
When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator credentials and/or credit card information, what is considered useful information on a Linux system? I'm in the situation where the only vulnerability I can find and exploit is on a

Re: Linux Targets in a Windows Domain 2011-09-17
Ian Hayes (cthulhucalling gmail com)
Beginner Pen Tester Blog 2011-09-12
tentpester (david gomm gmail com) (1 replies)

Hi All,
I'm probably opening myself up for a lot of ridicule here but I thought I
would share a link to a new blog I've created:

http://tentpester.blogspot.com/

The idea behind it is to describe my experiences while attempting to become
a pen tester. Thought it mi

Re: Beginner Pen Tester Blog 2011-09-17
arvind doraiswamy (arvind doraiswamy gmail com)
Re: Vulnerability scanning routines - what is overkill. 2011-09-12
Marco Ivaldi (raptor mediaservice net)
On Sat, 27 Aug 2011, Duncan Alderson wrote:

> Hi Cribbar,
>
> I can see the auditor's point but he may not be putting the best case forward
>
> If the organisation has a good security model in place with patching and
> hardening, there is still a need to scan the whole environment. Look at it as

Insomnia: Whitepaper - LFI With PHPInfo Assistance 2011-09-06
Brett Moore (brett moore insomniasec com)
___________________________________________________________________

Insomnia Security :: LFI With PHPInfo Assistance
___________________________________________________________________

Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Lin

Web app assignments. 2011-09-05
cribbar (crib bar hotmail co uk)

Can I ask from a management perspective - when do you accept pen test
assignments for clients specific to web applications and when don't you. Say
for example, company X comes to you and says they have bought a new "web
app" and it turns out to be something like oracle financials. And they

Should or shouldn't block public ping to a website 2011-09-05
ShiYih Lye (shiyih lye my offgamers com)
Hi,

All this while I've not been allowing any public ping to the website I'm
maintaining, but it's making it tougher for me to troubleshoot should any
user around the globe have trouble accessing our website, as I can't
make them send a proper traceroute report.

In your opinion, is it necessary to block pub

t2′11 Challenge to be released 2011-09-10 10:00 EEST 2011-09-04
Tomi Tuominen (tomi tuominen t2 fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is that time of the year again!

Since the dawn of our species (well 2005, if you want to be picky about
it) t2 has been granting free admission to the elite of their kind, the
winners of the t2 Challenges. Don't be suckered in by all the cheap
imi

Re: IT Audits/PT's of Smartphones 2011-09-04
Marco Ivaldi (raptor mediaservice net)
Hi,

I apologize for the late reply, I was on vacation.

On Wed, 3 Aug 2011, cribbar wrote:

> Hi
>
> May I ask - does there exist a (if at all possible - free) vulnerability
> scanner specific to smartphones, namely blackberries/iPhones (various
> models/versions of each)?

You stumbled upon a t

Validating if password is encoded or encrypted 2011-09-02
Karen Sy (karensy co gmail com) (1 replies)
Hi Everyone, I'm currently reviewing an app prior to launching to our
prod. One of our security requirements is for the password to be
encrypted.
When I checked the password field in the db, I noticed that all passwords
are ending with a double equal sign, e.g. "==".
I am under the impression that they a

RE: Validating if password is encoded or encrypted 2011-09-12
Maksim Filenko fuib com
WebSurgery v0.6 released - Web application testing suite 2011-08-26
SuRGeoNiX (srgn ml googlemail com)
WebSurgery is a suite of tools for security testing of web applications. It
was designed for security auditors to help them with the web application
planning and exploitation. Currently, it uses an efficient, fast and stable
Web Crawler, File/Dir Bruteforcer, Fuzzer for advanced exploitation of know

Vulnerability scanning routines - what is overkill. 2011-08-22
cribbar (crib bar hotmail co uk) (1 replies)

There was some debate the other day in our office (not tech IT myself) about
what percentage of the infrastructure vulnerabilities in the nessus
repository are taken out of the equation if you have a thorough patch
management policy for the infrastructure AND you scan the system before it's
brought int

Re: Vulnerability scanning routines - what is overkill. 2011-08-27
Duncan Alderson (duncan alderson webantix net) (1 replies)
Re: Vulnerability scanning routines - what is overkill. 2011-09-01
Nick Besant (lists hwf cc)
Can Hydra Brute Force HTTP Digest Authentication? 2011-08-18
Zaki Akhmad (zakiakhmad gmail com) (2 replies)
Hi,

I'd like to know whether hydra can brute force HTTP digest authentication?

From the OWASP Testing document[1], I only found brute force:
- HTTP basic authentication
- HTML Form Based Authentication

[1] https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29#Brute_force_Atta

Re: Can Hydra Brute Force HTTP Digest Authentication? 2011-08-26
Steve Pinkham (steve pinkham gmail com)
Re: Can Hydra Brute Force HTTP Digest Authentication? 2011-08-25
David Maciejak (david maciejak gmail com)
Re: Inverse NAT? 2011-08-17
Jerry (sec-acct 14 oryx cc)
Please take a look at these (2) utilities, and see if they are capable of meeting your needs.

Jerry

http://samy.pl/chownat/

http://samy.pl/pwnat/

Re: Inverse NAT? 2011-08-17
Alexandre Bezroutchko (abb gremwell com)
Hi,

NAT boxes tend to drop unexpected traffic coming from WAN, by design.
Assuming there are no implementation flaws, I don't think you can
penetrate into LAN without involving a user sitting there.

Apart from social engineering attacks mentioned, DNS rebinding might be
relevant. The attack doe

RE: Penetration testing professional certifications 2011-08-16
Majed Al Massari (malmassari hotmail com)

Hello Vlad,

Offensive Security is the best I have seen with practical hands on experience needed in order to get certified. OSCP is a good start but expect challenging assignments in order to pass the certification so this is not for the faint of heart. They also have an expert level certificatio

Copyright 2010, SecurityFocus