- « Sekurity

Ew0k

-

In Uncategorized on January 15, 2010 at 11:27 am

Like this:

Be the first to like this post.

▶ No Responses

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

- InfoSec News
  - Webmasters of infected sites 'usually unaware of a problem'
    Many businesses have no idea that they have been hacked until they receive a warning from their protection technology.
  - BYOD is being deployed as CISOs name malware as main mobile threat
    Despite nearly three-quarters of enterprises discussing the deployment of custom mobile applications, half admit that mobility is challenging.
  - Juniper trumpets £50m acquisition of Mykonos Software
    Juniper has announced the acquisition of intrusion deception and prevention vendor Mykonos Software.
  - Enhanced privileged user management technology to be launched by Cyber-Ark
    Cyber-Ark is to launch real-time session monitoring capabilities that enable the immediate termination of suspicious activity.
  - A third of US and UK organisations have suffered a DDoS attack
    A third of organisations in the US and UK have suffered a distributed denial-of-service (DDoS) attack in the last 12 months.
  - GCHQ-backed penetration testing lab opens
    A 'dirty lab' has been established in Malvern, Worcestershire with the support of GCHQ, to help businesses stress-test their networks against attacks.
  - AlienVault introduces threat intelligence forum
    Open-source security information and event management (SIEM) vendor AlienVault has launched a system for sharing threat intelligence.
  - Webroot delivers business edition of SecureAnywhere
    Webroot has launched the business edition of its SecureAnywhere product to offer cloud-based protection for endpoints.
  - Halon Security unveils virtual firewall
    Halon Security has announced the launch of a next-generation firewall and security router as a virtual appliance.
  - ForeScout combines mobile device management with network access control
    ForeScout has launched plug-in modules to enable management of Android and iOS devices, and a plug-in module for mobile device management (MDM) integration.
- SecTool Database
  - New vDNA WebService : CVSS v2 Calculator
    The main goal of vDNA © is to provide to third party system/program/website an easy way to integrate full documented CVE Alert. Any tool integrating the XML vDNA © scheme will be able to consume, identify and report all data related to a specific vulnerability. Today, we have update our vDNA API (Vulnerability API) and add a new service : the CVSS v2 Calcula […]
  - Security-Database OVAL Repository Update
    OVAL Repository downloads include Data Files of all vulnerability, compliance, inventory, and patch definitions for supported platforms. Data Files are intended for use with the Reference OVAL Interpreter, while both Data Files and the Bulk Content download (i.e., all definitions and schemas for all platforms) may be used with Products and Services Using OVA […]
  - Security-Database vDNA API Documentation
    vDNA © (Security Database Vulnerability DNA) are API based / Web-Services that provide a ready-to-use platform through comprehensive Rich CVE XML Correlated feeds. It includes most common Open Standards: CVSS, CPE, CWE, CAPEC, OVAL, OSVDB, and specific feeds as well as Milw0rm, Metasploit and Saint. vDNA © is suitable for integrators, security software vendo […]
  - Security-Database is proud to bring you this new service : vDNA
    Call for Beta tester - SD Papers / vDNA
  - Complemento v0.7.6 - Collection of Tools
    A collection of tools, just for fun. It includes LetDown, ReverseRaider and Httsquash. LetDown is a tcp flooder I have programmed after reading Fyodor article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack, and supports multi […]
  - MetaGoofil v1.4b released
    Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites. It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web appli […]
  - Suricata v0.9 RC1 released
    The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. Version 0.9 RC1 New Features Support for the http_headers keyword was added libhtp was updated to version 0.2.3 Priv […]
  - Xplico v0.5.7 released
    The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). […]
  - iScanner v0.5 released - Malicious codes scanner
    iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically. This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0. Features Detect malicious codes in web pages, this includ […]
  - WebTest 1.2.1 - Testing Web Application with Python
    WebTest helps you test your WSGI-based web applications. This can be any application that has a WSGI interface, including an application written in a framework that supports WSGI (which includes most actively developed Python web frameworks – almost anything that even nominally supports WSGI should be testable). With this you can test your web applications w […]
- InfoSec Jobs
  - Are You a Hacker? The Australian Government Wants You!
    Hi all, How cool is that! The Australian government is hiring “hackers” to protect our beloved nation! The job add goes like that: Technical... Visit our website for more! Visit our website for more!
  - New Section – Share Your Opinion #1 – Antivirus and Endpoint Protection
    Hi there, I believe most of you security professionals face the same challenge as I do: an increasing number of problems to solve, and with it an increasing number... Visit our website... Visit our website for more!
  - 6 Reasons Why You Should NOT Work With Information Security
    This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be... Visit... Visit... Visit our website for more!
  - Security Challenge #2 – PCI DSS
    Hi all, For all of you asking me for a PCI DSS specific scenario, I’ve prepared a challenge depicting a situation I faced a couple of years ago. The process is... Visit... Visit... Visit our website for more!
  - New Section! Security Challenges!
    Hi all! After a long while, I was finally able to start swimming and avoid being drowned by things to do at work! The new job is awesome, but the first couple of... Visit our website for more!
  - Information Security Management in a “Cloudy” Environment
    Hi all, As you know, My Infosec Job is an open space for you to send your articles and reach thousands of Infosec professionals worldwide, leveraging your exposure... Visit our... Visit our... Visit our website for more!
  - Best Companies to Work For in The Information Security Field
    Hi all, Even if the world is still recovering from the worst economic downturn since the Great Depression, information security is still a burgeoning field with plenty... Visit... Visit our website for more!
  - Startup guide to become an Information Security Consultant
    Hi all, I was browsing the net for some inspiration to my new article when I found an article that certainly adds up to what I’ve said before about starting... Visit... Visit our website... Visit our website for more!
  - Jobs Listing
    Hi! This page is used by your Job Manager plugin as a base. Feel free to change settings here, but please do not delete this page. Also note that any content you enter... Visit our... Visit... Visit our website for more!
  - Risk – Solution Architect – Canada
    TITLE: Solution Architect (With Risk Management experience) LOCATION: Toronto, Canada RELOCATION/VISA: NO SALARY: On request COMPANY: On request KEY... Visit our website for... Visit... Visit our website for more!
- Xploitz
  - D-Link DSL-2640B Authentication Bypass February 23, 2012
    The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability by spoofing the MAC address of a logged in administrator.
  - AlegroCart 1.2.7 Command Execution February 23, 2012
    AlegroCart versions 1.2.7 and below suffer from a remote command execution vulnerability.
  - Snop IP Phone Privilege Escalation February 23, 2012
    All versions of Snop IP Phone prior to 8.4.35 suffer from a privilege escalation vulnerability.
  - Joomla Dtregister SQL Injection February 23, 2012
    The Joomla Dtregister component suffers from a remote SQL injection vulnerability.
  - Interspire Shopping Cart Insecure Permissions February 23, 2012
    Interspire Shopping Cart forces poor permissions on config.php by design and by doing so leaks information like the database login and password to any local user.
  - Sagem F@ST 2604 Cross Site Request Forgery February 23, 2012
    Sagem F@ST 2604 suffers from a cross site request forgery vulnerability.
  - BRIM SQL Injection February 23, 2012
    BRIM versions prior to 2.0.0 suffer from a remote SQL injection vulnerability.
  - WordPress Magn WP Drag And Drop Shell Upload February 23, 2012
    WordPress Magn WP Drag and Drop suffers from a shell upload vulnerability.
  - DFLabs PTK 1.0.5 Cross Site Request Forgery February 23, 2012
    DFLabs PTK versions 1.0.5 and below suffer from a cross site request forgery vulnerability.
  - Philip Abbey Cross Site Scripting February 23, 2012
    Philip Abbey suffers from a cross site scripting vulnerability.
- more Xploitz
  - iptoolsex.pl
    IpTools(0.1.4) - Rcmd Remote Crash PoC
  - p_cve-2011-4362.c
    Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability
  - enumerator_asterisk_nat_peers.rb
    SIP Username Enumerator for Asterisk (UDP) Security Advisory AST-2011-013, CVE-2011-4597
  - https://twitter.com/#!/w3bd3vil/status/148454992989261824
    causes a BSoD on win 7 x64 via Safari
  - 7350roaringbeastv3.zip
    FreeBSD ftpd/ProFTPD remote exploit
  - oracleocepoc.php
    Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
  - zftpex.py
    zFTP Server "cwd" Remote Denial-of-Service
  - knftpd_exploit.py
    KnFTPd FTP Server v1.0.0 Multiple Command Remote Buffer Overflow Exploit
  - bwocxrun_1.zip
    BroadWin WebAccess Client bwocxrun.ocx PoC
  - killapache.pl
    Apache httpd Remote Denial of Service (memory exhaustion)
- InfoSec Toolz
  - Red Hat Security Advisory 2012-0324-01
    Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead […]
  - Nmap Iptables Shell Script
    This is a shell script that launches iptables to add rules that will flag various types of nmap scans.
  - 1337 Multiple CMS Scanner Online
    This tool is a php script that assists in finding vulnerable components in multiple CMS systems.
  - 360-FAAR Firewall Analysis Audit And Repair 0.1.3
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  - Multi Threaded TCP Port Scanner 4.0
    This is a basic TCP SYN scanner that is multi-threaded.
- SecDocs
  - Zero Day Initiative Advisory 12-039
    Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java- […]
  - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution
    A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the […]
  - Return-Oriented Programming Na Unha!
    Whitepaper called Return-Oriented Programming Na Unha! Written in Portuguese.
  - D-Link DSL-2640B Authentication Bypass
    The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability by spoofing the MAC address of a logged in administrator.
  - AlegroCart 1.2.7 Command Execution
    AlegroCart versions 1.2.7 and below suffer from a remote command execution vulnerability.
  - Snop IP Phone Privilege Escalation
    All versions of Snop IP Phone prior to 8.4.35 suffer from a privilege escalation vulnerability.
  - Zero Day Initiative Advisory 12-038
    Zero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The Ja […]
  - Zero Day Initiative Advisory 12-037
    Zero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe . Java Web Start does not […]
  - Joomla Dtregister SQL Injection
    The Joomla Dtregister component suffers from a remote SQL injection vulnerability.
  - Interspire Shopping Cart Insecure Permissions
    Interspire Shopping Cart forces poor permissions on config.php by design and by doing so leaks information like the database login and password to any local user.
- Security Videos
  - Another methods for bypass Antivirus
    bypass kasperky antivirus using simple xor. bypass ful proactive defensa bypass signature based engine
  - Armitage for Metasploit 4.2 - What's New?
    This video shows some of the new features in Armitage for Metasploit 4.2. The latest Armitage is a solid performer and works great for managing Metasploit in high latency situations. In this video, you'll see ten Armitage clients connected to a remote server managing post-exploitation against a remote network. At the end of this video, you'll see A […]
  - Backtrack 5 Killing Antivirus
    In this video im going to show you how to kill Antivirus in a Windows 7 machine with Backtrack 5 For more interesting tutorials visit my blog My Blog: http://deceptive-room.blogspot.com/
  - Free Threaded TCP SYN Port Scanner
    http://www.secpoint.com/Multi-Threaded-TCP-Port-Scanner.html Do you know if your device have unnecessary ports open to the internet? These days most of the people have multiple devices which are constantly connected to the internet and each and every device comes with many services with open ports running quietly in the background. The user might not even ha […]
  - Windows Pwn 7 OEM, Alex Plaskett - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - USB Flash Drive Forensics, Philip Polstra
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Systems Applications Proxy Pwnage, Ian De Villiers - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Communicating with the Boss, Steve Armstrong - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - Trusteer Rapport, Neil Kettle - 44CON
    http://44con.com/ Video From http://www.youtube.com/user/44contv
  - User Access Control
    SafeSquid Access Restrictions Section, as the name suggests, allows you to specify access rights for users. It allows you to specify, who is allowed to access the proxy, and how. That is, from specific IPs or ranges? If the user should be authenticated? how should they be authenticated? etc. This tutorial explains about the various options of SafeSquid Acces […]

Ew0k

Sekurity_Matters

-

Like this:

Leave a Reply Cancel reply

InfoSec News

SecTool Database

InfoSec Jobs

Xploitz

more Xploitz

InfoSec Toolz

SecDocs

Security Videos

Follow “Sekurity_Matters”