Friday, 23. September 2011
PenTBox
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every systems where Ruby works.

Download
http://www.pentbox.net/download-pentbox/

Permalink

 


Clickjacking For Shells

Permalink

 


Bypassing Internet Explorer's XSS Filter
By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks. There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer’s ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.


Download PDF
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf

Permalink

 


BruCON Agnitio workshop
Required for the Agnitio hands on demos:

A 32bit Windows Operating System (XP or 7 preferably – VM will be fine)
.NET framework 3.5 installed
Agnitio v2.0 installed
http://sourceforge.net/projects/agnitiotool/
Download the Pandemobium Android and iOS source code
https://github.com/denimgroup/Pandemobium
Download the selected vulnerable open source application
https://github.com/denimgroup/Pandemobium

by David Rook (Security Ninja)

Permalink

 


Script to audit web applications - Perl
Features and changes made in lilith

got rid of many many false positives (that’s good)
when SQL error is found, it now goes onto next var
improved (i hope) scanning engine
(anti) coldfusion support
better cookie handling and cookie tampering
omitted perl HTML::Form limitation
better verbose output
extensive logging
detects directory indexing
recursive URL dissection
cleaned up this pasta code

Download
http://michaelhendrickx.com/wp-content/uploads/2008/11/lilith-06atar.gz

Permalink

 


Android vulnerabilities
The first vulnerability is known as a “Permission escalation vulnerability”, and allows attackers to install additional “arbitrary applications with arbitrary permissions”, without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.

Permalink