22.4.2011 by tugrik.
There’s an excellent post on Security Principles and Maxims over at http://blog.blackswansecurity.com/2011/04/security-principles-maxims/
When discussing the ubiquitous and nebulous “Best Practice”, it’s handy to have an actual list of what that is - and this is a great start.
Posted in general | Print | No comments »
18.8.2010 by matti.
http://download.101com.com/pub/itci/Files/ITCi_ITACL-InfoSec_0612_finalweb.pdf
http://www.revision-online.info/index.php/Hauptseite
http://www.sans.org/score/checklists/ISO_17799_checklist.pdf
http://www.auditnet.org/docs/ITAuditCL.pdf
and http://www.t2pa.com/
Posted in link | Print | 1 comment »
17.8.2010 by matti.
A lot of the testing nowadays goes back to doing some account hacking.
The hope of a password being in a dictionary is long gone.
Too many security policies hinder people from choosing weak passwords.
But users still have to be able to remember passwords.
So we do mutations and other things:
http://www.randomstorm.com/rsmangler-security-tool.php
http://www.remote-exploit.org/Wyd/
So if you want to check your own password:
Posted in hacking | Print | No comments »
13.8.2010 by matti.
http://www.hackfromacave.com/katana.html
During Blackhat there was an update to version two.
Fun to have everything along….
Posted in hacking | Print | 1 comment »
15.6.2010 by tugrik.
TSCrack… courtesy of this page… http://ahlindia.17.forumer.com/a/tscrack_post179.html
It can be downloaded from here: http://web.archive.org/web/20030503034543/http://ackers.org.uk/tscrack/tscrack.exe
Posted in general | Print | No comments »
7.6.2010 by tugrik.
http://www.raymond.cc/blog/archives/2009/03/22/install-every-single-internet-explorer-versions-on-your-computer/
We’ll see….
( time passes )
It didn’t…
Posted in general | Print | 1 comment »
30.5.2010 by tugrik.
The md5sum for Metasploitable.zip obtained from a torrent… well it’s e54089ba72fe0127d06528decad9a6ae for me, which either means it’s fine, or if it’s the same for you, then at least we know we’ll have both been owned by the same hackers…
Posted in general | Print | 1 comment »
27.4.2010 by matti.
Just a quick one…
There is a nice service for testing flash and javascripts of websites:
http://wepawet.cs.ucsb.edu/index.php
If you feel brave enough to test for yourself or want to get to the source of some javascript stuff:
http://malzilla.sourceforge.net/
Posted in hacking | Print | 1 comment »
12.4.2010 by faintdreams.
[Source - http://www.downloadsquad.com/2010/04/12/wordpress-blogs-hit-with-mass-malware-attack/]
“Hundreds of WordPress blogs, particularly those hosted by Network Solutions, have been hit with an attack that cripples the blogs and redirects visitors to a URL that loads malware. The attack has been reported by both Sucuri Security Labs and Trend Micro. It works by replacing the contents of a WordPress blog’s “siteurl” field (under wp_options) with some HTML code. That field isn’t supposed to contain HTML, so it effectively breaks the blog. Security companies haven’t figured out how the blogs were exploited, although Sucuri says it was probably SQL injection or a database problem at Network Solutions. Network Solutions is investigating, and looking to blame a WordPress theme or plugin for the security hole, Trend Micro says. Trend Micro also has some info on the malware that the blogs are now redirecting to: it’s a known malware family called BUZUS, and antivirus software should be able to identify it.
If your blog was affected, change your siteurl back to its old value. You can find it under manage database, in the wp_option table.”
This kind of platform attack is the most galling, because it’s something individual users of the software are powerless to protect themselves against. The onus is entirely on the hosting company, and it seems that in this case Network Solutions have a lotta ’splaining to do.
Posted in link, general | Print | No comments »
18.3.2010 by matti.
I had a network test lately and was using some newer tools….
Ncrack:
http://nmap.org/ncrack/man.html
Medusa (after two years a new version):
http://www.foofus.net/jmk/medusa/medusa.html
Nsploit (nmap with metasploit):
http://trac.happypacket.net/
Happy hacking everyone…
Posted in hacking | Print | 1 comment »