Ads 468x60px

sunnuntai 21. huhtikuuta 2013

Kuukauden parhaat linkit - Osa 2

Ja sitten vielä loput hyvät linkit jakoon...

Yleistä:

Regular Cyber Intelligence Report

Cisco Cyber Risk Reports

Cisco IntelliShield alerts can be a useful source of information

Sophos 2013 Security Threat report

The fog of cyber defence - a book about cyber security and cyber war in the Nordic states

Overview of current cyber attacks

[OT] Image analysis of photos from a manned flight 2 years before the wright brothers

EU to order banks and energy firms to report cyber attacks

FAQ on the proposed directive on Network and Information security

Cisco IP phones vulnerable  - take complete control of a phone

This might have been included before - UK CPNI - Holistic Management of Employee Risk

How to disappear from the web

Is a security booklet like this useful for non-techie clients?

The hacker database

Työkalut:

Sploitego - Metasploit Transforms for Matelgo - looks amazing!

Snorby cloud firewall - manage firewall rules across your cloud infrastructure

Wireshark SMB2 file extrator

Codesonar Binary analysis - claims to find vulnerabilities in binaries without the need for IDA

API monitor - monitor and control API calls made by applications and services

DPE - Default Password Enumeration Project

VPN gate

Microsoft Enhanced Mitigation Experience Toolkit - I this this in action - looks good

VMInjector - Unlock guest VMS

Similar to a suspended VM priv esc tutorial

Dumping domain hashes using metasploit

Hackshop has some cool gadgets

VPN hunter - discovers and classifies VPNs and remote access of any organisation -

Offline security focus database

Network visualisation samples and libraries

The WordPress pingback portscanner - now a metasploit module

Nice write-up on padding oracle attacks - with a new padding oracle tool

Useful info and tools on RAID recovery

Free firewall rule analyser - hosted though

FakeNetBios is being updated - slowly

HackRF - A low cost software defined radio platform

ShellOL - intentionally vulnerable shell command injection testbed

The Pillager - tool for searching databases for interesting stuff

Littleblackbox - collection of thousands of private SSL and SSH keys extracted from embedded devices

Has anyone used OpenVAS - the opensource vulnerability scanner?

Tekniikat:
This could be interesting - MS13-027 - USB code execution

Practical timing side channel attacks aginast KASLR

Hacking the XBOX book now as a free download

Interesting blog post about escaping a python sandbox

Finding hidden Vhosts

ShellSquid - distributed shells

Mounting NFS shares through Meterpreter

Java 7u11 exploit details

Abusing, exploiting and pwning with Firefox add-ons

Precise heap spraying on Firefox and IE10

As a metasploit function

Comparison of password hash dumping tools

A kernel bug to make a process non-killable

Password cracking, hash dumping, brute-forcing guide

Samsung printer SNMP backdoor

Windows 7 Priv escalation with SYSRET

Amazon public DNS names and Apache config

In-Memory Managed Dll Loading With PowerShell

Example using Nishang for PowerShell MS SQL command execution

Comonexploit kits 2012 poster

Vulnserver DEP bypass write-up

Open Source Intelligence resource

Testing applications for DLL preloading vulnerabilities

Basic Vulnerable Windows Set-ups (useful for CTF)

Ghosts in the Rom

Packetstorm paper titled "Jackin TOR usres via evil provxies and the beef framework"

SAP parameter injection write-up by Context

Videos of all the cons

Bitsquating - analysis of DNS traffic

List of bug bountry programs for pentesters

Darling - Darwin / OS X emulation layer for Linux

Always love the metasploit demos - new Splunk 5.0 Remote Code Execution

Running code from a non-elevated account at any time

Possible LogMeIn breach

Defeating Windows Driver Signature enforcement


Ei kommentteja:

Lähetä kommentti