Consumers are being denied the right to access the information that companies or public bodies hold about them, according to the Information Commissioner, Christopher Graham.
The Information Commissioner's Office (ICO) has broadly welcomed the upcoming changes to the Data Protection Directive this week, but called some areas "unnecessarily and unhelpfully over-prescriptive".
Google is to roll out an overarching privacy policy that covers the majority of its products and explains what information it collects and how it is used.
A collection of tools, just for fun. It includes LetDown, ReverseRaider and Httsquash. LetDown is a TCP flooder I programmed after reading Fyodor's article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack, and supports multi […]
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, odp, ods) available in the target/victim websites. It will generate an HTML page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3, web appli […]
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. Version 0.9 RC1 new features: support for the http_headers keyword was added; libhtp was updated to version 0.2.3; Priv […]
The goal of Xplico is to extract from an internet traffic capture the application data it contains. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). […]
iScanner is a free open source tool that lets you detect and remove malicious code and web page viruses from your Linux/Unix server easily and automatically. This tool is programmed by iSecur1ty using the Ruby programming language and it's released under the terms of the GNU Affero General Public License 3.0. Features: Detect malicious code in web pages, this includ […]
WebTest helps you test your WSGI-based web applications. This can be any application that has a WSGI interface, including an application written in a framework that supports WSGI (which includes most actively developed Python web frameworks – almost anything that even nominally supports WSGI should be testable). With this you can test your web applications w […]
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL I […]
Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU G […]
FUU (Faster Universal Unpacker) is a GUI Windows tool with a set of tools (plugins) to help you unpack, decompress and decrypt most programs packed, compressed or encrypted with well-known software protection programs like UPX, ASPack, FSG, ACProtect, etc. The GUI was designed using RadASM and MASM. Every plugin included in the official r […]
Lansweeper is an automated network discovery and asset management tool which scans all your computers and devices and displays them in an easily accessible web interface. There is no need to install any agents on the computers; all scanning is done by standard built-in functionality. Version 4.0 updates and bug fixes: Service version 4.0.0.24 Scheduled adsi or […]
Hi all, How cool is that! The Australian government is hiring “hackers” to protect our beloved nation! The job ad goes like that: Technical...
Hi there, I believe most of you security professionals face the same challenge as I do: an increasing number of problems to solve, and with it an increasing number...
This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be...
Hi all, For all of you asking me for a PCI DSS specific scenario, I’ve prepared a challenge depicting a situation I faced a couple of years ago. The process is...
Hi all! After a long while, I was finally able to start swimming and avoid being drowned by things to do at work! The new job is awesome, but the first couple of weeks...
Hi all, As you know, My Infosec Job is an open space for you to send your articles and reach thousands of Infosec professionals worldwide, leveraging your exposure...
Hi all, Even if the world is still recovering from the worst economic downturn since the Great Depression, information security is still a burgeoning field with plenty...
Hi all, I was browsing the net for some inspiration to my new article when I found an article that certainly adds up to what I’ve said before about starting...
This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causi […]
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject […]
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to net […]
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
In this video I'll continue talking about the Website Attack methods and I'll show how to phish a website and obtain the credentials of any victim/user using a new method named Tabnabbing Attack. Please leave your comments.
Security Focus Europe: Hacking a fully protected system by Bitdefender Total Security 2012. Thank you for watching! Web: www.securityfocus.eu E-mail: securityfocus.eu@gmail.com
This video shows how to perform a man-in-the-middle attack via Ettercap, SslStrip and Wireshark. All methods. Putting back '0' to ip_forward and deleting port forwarding: you can do them with the two commands below after your attack is over: root@Gravedigger-blackbuntu~# echo 0 > /proc/sys/net/ipv4/ip_forward root@Gravedigger-blackbuntu~# […]
A short illustration of risk management. Demonstrating the concepts of risk mitigation, acceptance, avoidance and transfer. Learn these concepts well and you'll do well in your CISSP exam. www.J4vv4D.com Facebook.com/J4vv4D Twitter.com/J4vv4D youtube.com/infoseccynic
In this video I demo several different ways to exploit the File Upload vulnerability in DVWA using both Metasploit and conventional methods. Also shows how to set up a netcat relay in order to exploit a trust relationship between the public webserver and an internal host.
WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool to maintain access to a compromised web server.