... neuere Einträge
Friday, 23. September 2011
PenTBox
Am Friday, 23. Sep 2011 im Topic 'Pentest'
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every systems where Ruby works.
Download
http://www.pentbox.net/download-pentbox/
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every systems where Ruby works.
Download
http://www.pentbox.net/download-pentbox/
Clickjacking For Shells
Am Friday, 23. Sep 2011 im Topic 'Vulnerabilities'
Bypassing Internet Explorer's XSS Filter
Am Friday, 23. Sep 2011 im Topic 'Vulnerabilities'
By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks. There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer’s ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.
Download PDF
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf
Download PDF
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf
BruCON Agnitio workshop
Am Friday, 23. Sep 2011 im Topic 'Tutorials'
Required for the Agnitio hands on demos:
A 32bit Windows Operating System (XP or 7 preferably – VM will be fine)
.NET framework 3.5 installed
Agnitio v2.0 installed
http://sourceforge.net/projects/agnitiotool/
Download the Pandemobium Android and iOS source code
https://github.com/denimgroup/Pandemobium
Download the selected vulnerable open source application
https://github.com/denimgroup/Pandemobium
by David Rook (Security Ninja)
A 32bit Windows Operating System (XP or 7 preferably – VM will be fine)
.NET framework 3.5 installed
Agnitio v2.0 installed
http://sourceforge.net/projects/agnitiotool/
Download the Pandemobium Android and iOS source code
https://github.com/denimgroup/Pandemobium
Download the selected vulnerable open source application
https://github.com/denimgroup/Pandemobium
by David Rook (Security Ninja)
Script to audit web applications - Perl
Am Friday, 23. Sep 2011 im Topic 'Source Code'
Features and changes made in lilith
got rid of many many false positives (that’s good)
when SQL error is found, it now goes onto next var
improved (i hope) scanning engine
(anti) coldfusion support
better cookie handling and cookie tampering
omitted perl HTML::Form limitation
better verbose output
extensive logging
detects directory indexing
recursive URL dissection
cleaned up this pasta code
Download
http://michaelhendrickx.com/wp-content/uploads/2008/11/lilith-06atar.gz
got rid of many many false positives (that’s good)
when SQL error is found, it now goes onto next var
improved (i hope) scanning engine
(anti) coldfusion support
better cookie handling and cookie tampering
omitted perl HTML::Form limitation
better verbose output
extensive logging
detects directory indexing
recursive URL dissection
cleaned up this pasta code
Download
http://michaelhendrickx.com/wp-content/uploads/2008/11/lilith-06atar.gz
Android vulnerabilities
Am Friday, 23. Sep 2011 im Topic 'Vulnerabilities'
The first vulnerability is known as a “Permission escalation vulnerability”, and allows attackers to install additional “arbitrary applications with arbitrary permissions”, without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.
... ältere Einträge