- « Sekurity

Ew0k

-

In Uncategorized on January 15, 2010 at 11:25 am

Like this:

Be the first to like this post.

▶ No Responses

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

- InfoSec News
  - Partnerships ahoy - this week's announcements
    This week there were a large number of vendor partnership announcements; here is a summary of the news.
  - Avast updates anti-virus product
    Avast has launched the latest version of its free anti-virus product.
  - Survey finds lack of understanding of big data or how to manage it
    More than a third of security and IT operations professionals do not understand the concept of 'big data'.
  - Webmasters of infected sites 'usually unaware of a problem'
    Many businesses have no idea that they have been hacked until they receive a warning from their protection technology.
  - BYOD is being deployed as CISOs name malware as main mobile threat
    Despite nearly three-quarters of enterprises discussing the deployment of custom mobile applications, half admit that mobility is challenging.
  - Juniper trumpets £50m acquisition of Mykonos Software
    Juniper has announced the acquisition of intrusion deception and prevention vendor Mykonos Software.
  - Enhanced privileged user management technology to be launched by Cyber-Ark
    Cyber-Ark is to launch real-time session monitoring capabilities that enable the immediate termination of suspicious activity.
  - A third of US and UK organisations have suffered a DDoS attack
    A third of organisations in the US and UK have suffered a distributed denial-of-service (DDoS) attack in the last 12 months.
  - GCHQ-backed penetration testing lab opens
    A 'dirty lab' has been established in Malvern, Worcestershire with the support of GCHQ, to help businesses stress-test their networks against attacks.
  - AlienVault introduces threat intelligence forum
    Open-source security information and event management (SIEM) vendor AlienVault has launched a system for sharing threat intelligence.
- SecTool Database
  - Officially OVAL Adopter
    OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. Yes, it's done, Security-Database.com is now Officially OVAL Adopter for it's Repository. Tha […]
  - New vDNA WebService : CVSS v2 Calculator
    The main goal of vDNA © is to provide to third party system/program/website an easy way to integrate full documented CVE Alert. Any tool integrating the XML vDNA © scheme will be able to consume, identify and report all data related to a specific vulnerability. Today, we have update our vDNA API (Vulnerability API) and add a new service : the CVSS v2 Calcula […]
  - Security-Database OVAL Repository Update
    OVAL Repository downloads include Data Files of all vulnerability, compliance, inventory, and patch definitions for supported platforms. Data Files are intended for use with the Reference OVAL Interpreter, while both Data Files and the Bulk Content download (i.e., all definitions and schemas for all platforms) may be used with Products and Services Using OVA […]
  - Security-Database vDNA API Documentation
    vDNA © (Security Database Vulnerability DNA) are API based / Web-Services that provide a ready-to-use platform through comprehensive Rich CVE XML Correlated feeds. It includes most common Open Standards: CVSS, CPE, CWE, CAPEC, OVAL, OSVDB, and specific feeds as well as Milw0rm, Metasploit and Saint. vDNA © is suitable for integrators, security software vendo […]
  - Security-Database is proud to bring you this new service : vDNA
    Call for Beta tester - SD Papers / vDNA
  - Complemento v0.7.6 - Collection of Tools
    A collection of tools, just for fun. It includes LetDown, ReverseRaider and Httsquash. LetDown is a tcp flooder I have programmed after reading Fyodor article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack, and supports multi […]
  - MetaGoofil v1.4b released
    Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites. It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web appli […]
  - Suricata v0.9 RC1 released
    The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. Version 0.9 RC1 New Features Support for the http_headers keyword was added libhtp was updated to version 0.2.3 Priv […]
  - Xplico v0.5.7 released
    The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). […]
  - iScanner v0.5 released - Malicious codes scanner
    iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically. This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0. Features Detect malicious codes in web pages, this includ […]
- InfoSec Jobs
  - Are You a Hacker? The Australian Government Wants You!
    Hi all, How cool is that! The Australian government is hiring “hackers” to protect our beloved nation! The job add goes like that: Technical... Visit our website for more! ... Visit our website for more!
  - New Section – Share Your Opinion #1 – Antivirus and Endpoint Protection
    Hi there, I believe most of you security professionals face the same challenge as I do: an increasing number of problems to solve, and with it an increasing number... Visit our... Visit our... Visit our website for more!
  - 6 Reasons Why You Should NOT Work With Information Security
    This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot... Visit our website for... Visit our website for more!
  - Security Challenge #2 – PCI DSS
    Hi all, For all of you asking me for a PCI DSS specific scenario, I’ve prepared a challenge depicting a situation I faced a couple of years ago. The process... Visit our website for... Visit our website for more!
  - New Section! Security Challenges!
    Hi all! After a long while, I was finally able to start swimming and avoid being drowned by things to do at work! The new job is awesome, but the first couple of... Visit our website... Visit our website for more!
  - Information Security Management in a “Cloudy” Environment
    Hi all, As you know, My Infosec Job is an open space for you to send your articles and reach thousands of Infosec professionals worldwide, leveraging your exposure... Visit... Visit our website for more!
  - Best Companies to Work For in The Information Security Field
    Hi all, Even if the world is still recovering from the worst economic downturn since the Great Depression, information security is still a burgeoning field with plenty... Visit... Visit... Visit our website for more!
  - Startup guide to become an Information Security Consultant
    Hi all, I was browsing the net for some inspiration to my new article when I found an article that certainly adds up to what I’ve said before about starting... Visit... Visit... Visit our website for more!
  - Jobs Listing
    Hi! This page is used by your Job Manager plugin as a base. Feel free to change settings here, but please do not delete this page. Also note that any content you enter... Visit... Visit our... Visit our website for more!
  - Risk – Solution Architect – Canada
    TITLE: Solution Architect (With Risk Management experience) LOCATION: Toronto, Canada RELOCATION/VISA: NO SALARY: On request COMPANY: On request KEY... Visit our website... Visit our... Visit our website for more!
- Xploitz
  - Movable Type Publishing Platform Cross Site Scripting February 24, 2012
    Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.
  - CJWSoft ASPGuest Guestbook SQL Injection February 24, 2012
    CJWSoft ASPGuest Guestbook suffers from a remote SQL injection vulnerability.
  - PHP Gift Registry 1.5.5 SQL Injection February 24, 2012
    PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.
  - Bontq Cross Site Scripting February 24, 2012
    Bontq suffers from a cross site scripting vulnerability.
  - JSRum SQL Injection February 24, 2012
    JSRum suffers from a remote SQL injection vulnerability.
  - HP Data Protector 6.1 EXEC_CMD Remote Code Execution February 24, 2012
    This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
  - WineBiz SQL Injection February 24, 2012
    WineBiz suffers from a remote SQL injection vulnerability.
  - Feng Chen SQL Injection February 24, 2012
    Feng Chen suffers from a remote SQL injection vulnerability.
  - PHPFox Cross Site Scripting February 24, 2012
    PHPFox suffers from a base64 encoded cross site scripting vulnerability.
  - Zerecords SQL Injection February 24, 2012
    Zerecords suffers from a remote SQL injection vulnerability.
- more Xploitz
  - iptoolsex.pl
    IpTools(0.1.4) - Rcmd Remote Crash PoC
  - p_cve-2011-4362.c
    Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability
  - enumerator_asterisk_nat_peers.rb
    SIP Username Enumerator for Asterisk (UDP) Security Advisory AST-2011-013, CVE-2011-4597
  - https://twitter.com/#!/w3bd3vil/status/148454992989261824
    causes a BSoD on win 7 x64 via Safari
  - 7350roaringbeastv3.zip
    FreeBSD ftpd/ProFTPD remote exploit
  - oracleocepoc.php
    Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
  - zftpex.py
    zFTP Server "cwd" Remote Denial-of-Service
  - knftpd_exploit.py
    KnFTPd FTP Server v1.0.0 Multiple Command Remote Buffer Overflow Exploit
  - bwocxrun_1.zip
    BroadWin WebAccess Client bwocxrun.ocx PoC
  - killapache.pl
    Apache httpd Remote Denial of Service (memory exhaustion)
- InfoSec Toolz
  - darkBC Python Connect-Back Script
    This is a small connect-back script written in Python.
  - Samhain File Integrity Checker 3.0.2a
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections […]
  - Packet Fence 3.2.0
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activi […]
  - Dark D0rk3r 0.6
    Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
  - Xenotix KeylogX Keylogger For Firefox
    Xenotix KeylogX is a keylogger add-on for Mozilla Firefox. It captures and logs keystrokes sent to the browser and you simply type alt-X to retrieve the data from the logfile.
- SecDocs
  - Movable Type Publishing Platform Cross Site Scripting
    Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.
  - Bugzilla Cross Site Request Forgery
    Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.
  - HP Security Bulletin HPSBMU02739 SSRT100280 2
    HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
  - CJWSoft ASPGuest Guestbook SQL Injection
    CJWSoft ASPGuest Guestbook suffers from a remote SQL injection vulnerability.
  - PHP Gift Registry 1.5.5 SQL Injection
    PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.
  - Dropbear SSH Server Use-After-Free
    The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.
  - Bontq Cross Site Scripting
    Bontq suffers from a cross site scripting vulnerability.
  - darkBC Python Connect-Back Script
    This is a small connect-back script written in Python.
  - HP Security Bulletin HPSBUX02737 SSRT100747 2
    HP Security Bulletin HPSBUX02737 SSRT100747 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
  - JSRum SQL Injection
    JSRum suffers from a remote SQL injection vulnerability.
- Security Videos
  - Rogue Access Point-backdoor vector
  - Another methods for bypass Antivirus
    bypass kasperky antivirus using simple xor. bypass ful proactive defensa bypass signature based engine
  - Armitage for Metasploit 4.2 - What's New?
    This video shows some of the new features in Armitage for Metasploit 4.2. The latest Armitage is a solid performer and works great for managing Metasploit in high latency situations. In this video, you'll see ten Armitage clients connected to a remote server managing post-exploitation against a remote network. At the end of this video, you'll see A […]
  - Backtrack 5 Killing Antivirus
    In this video im going to show you how to kill Antivirus in a Windows 7 machine with Backtrack 5 For more interesting tutorials visit my blog My Blog: http://deceptive-room.blogspot.com/
  - Free Threaded TCP SYN Port Scanner
    http://www.secpoint.com/Multi-Threaded-TCP-Port-Scanner.html Do you know if your device have unnecessary ports open to the internet? These days most of the people have multiple devices which are constantly connected to the internet and each and every device comes with many services with open ports running quietly in the background. The user might not even ha […]
  - Windows Pwn 7 OEM, Alex Plaskett - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - USB Flash Drive Forensics, Philip Polstra
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Systems Applications Proxy Pwnage, Ian De Villiers - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Communicating with the Boss, Steve Armstrong - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Trusteer Rapport, Neil Kettle - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv

Ew0k

Sekurity_Matters

-

Like this:

Leave a Reply Cancel reply

InfoSec News

SecTool Database

InfoSec Jobs

Xploitz

more Xploitz

InfoSec Toolz

SecDocs

Security Videos

Follow “Sekurity_Matters”