The most interesting articles of the first week of July
Events
- HiTB News
HiTB conference in Dubai and Kuala Lumpur
- Hack in the Box Day #1 Wrap Up – rootshell.be
- Hack in the Box Day #2 Wrap Up – rootshell.be
- Notes from OWASP Bay Area Security Summit – michael-coates.blogspot.com
Interesting material on the dynamic identification and quarantine of malicious scripts…
- Hacking the Next Hope Badge – travisgoodspeed.blogspot.com
MSP430 port of the OpenBeacon firmware.
Resources:
- Comparing web application scanners, part 2 – portswigger.net
Comparison of various web scanners…
- Cisco IOS Auditing – digitalbond.com
New Nessus plugin for Cisco routers…
- Third-Party Web Widget Security FAQ – jeremiahgrossman.blogspot.com
Interesting material from Jeremiah on widgets and their security…
Tools:
- BackTrack
Not much needs to be said about this one…
- BackTrack, Present and Future – backtrack-linux.org
- BackTrack 4 Development Roadmap – backtrack-linux.org
- Netsparker Community Edition 1.5.0.0 Released – mavitunasecurity.com
New Netsparker release of the Community Edition…
- Skipfish 1.46beta – code.google.com/p/skipfish/
A new release of Google's web scanner…
- bsqlbf v. 2.6 – notsosecure.com
The new addition is the execution of any metasploit payload after executing OS code against Oracle database server by exploiting SQL Injection from web apps.
- SandKit – s7ephen.github.com
SandKit is a toolset that is intended to assist with the investigation of Sandbox technologies.
- IDA Pro 5.7 highlights – hexblog.com
We have released IDA Pro 5.7 a few days ago.
- WinPcap – winpcap.org
The latest stable WinPcap version is 4.1.2.
- ostinato 0.1.1 – code.google.com/p/ostinato/
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI.
Techniques:
- Got database access? Own the network! – bernardodamele.blogspot.com
Great presentation by Bernardo on post-exploitation in connection with MySQL, PostgreSQL or Microsoft SQL Server…
- The curious case of JBoss Hacking – inner-knowledge.blogspot.com
It is not so rare seeing jboss where the jmx-console is not password protected.
- Linux buffer overflow II – gunslingerc0de.wordpress.com
The first edition of my tutorial explains a 400-byte buffer overflow.
- Vulnerability Assessment Testing Automation Part I – sans.edu
How to automate parts of the security testing process…
- Full-Disclosure, Our Turn – jeremiahgrossman.blogspot.com
No Web applications, no forms, no log-in, no user-supplied input where XSS can hide.
- sqlmap and SOAP based web services – bernardodamele.blogspot.com
SOAP support for Bernardo's sqlmap…
- more with rpcclient – carnal0wnage.attackresearch.com
Got asked to help remotely locate local admins on boxes on a network.
- Hacking wireless presenters with an Arduino and Metasploit – teusink.net
Someone in the audience can control the slides and can send any keystroke you want to the victim, as if they were sitting at the keyboard.

