Member Login
new_way_of_learning_4.jpg
Home arrow by Cats Grouped
Bookmarks List
Display Mode : One Cat | by Alpha Grouped | [by Cats Grouped] | by Alpha Not Grouped
<< Start < Prev [1] 2 3 4 Next > End >>
Results: 1 - 50 of 166
Audit and Pentest  Top
Advanced SQL injection paper (ngssoftware) Popular Bookmark  NGSSoftware's SQL injection papers. The first paper focuses on ASP/MS-SQL issues and is quite throughtout with the details. The second paper is an addennum to the first, and clarifies some issues that was not perhaps that clearly explained in the fir 1'008 
Attacking the DNS protocol Popular Bookmark  This paper explains pretty well some of the attacks plaguing the DNS protocol. Attacking DNS for zone transfers, cache poisoning and so on might not be the most common practice in audits, but it is good to be aware of these kind of attack possibiliti 968 
Blindfolded SQL injection Popular Bookmark  This whitepaper explains how it is not always necessary to have descriptive error-messages to perform successful SQL injection attacks. It is clean and written well. 874 
Cross site scripting FAQ Popular Bookmark  This paper is about Cross Site Scripting and explains to the reader what an XSS is about and why it is dangerous, giving some examples. This is a good briefer into the XSS-attacks. 909 
Exploiting cisco routers (part 1) Popular Bookmark  This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. 949 
Exploiting cisco routers (part 2) Popular Bookmark  This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. 891 
Fingerprinting port 80 attacks Popular Bookmark  In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. 888 
Fingerprinting port 80 attacks (part 2) Popular Bookmark  In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. 854 
Google search strings assist in auditing Popular Bookmark  This site contains loads of google search strings that can reveal sensitive information on a site. A nice addition to put in use, maybe some day there will be a tool automating these. 933 
IP spoofing introduction This OK paper touches IP & TCP, as these are vital ones in understanding what IP spoofing really is about. The paper kindly explains several scenarios and why these are possible. The technique does not allow for anonymous Internet access, which is a 667 
Neworder.box.sk New Order hosts lots of tools and keeps track of exploits. It is also posting security-info and lots of articles. From here you might find the right tool, paper or exploit to get you going with the task you have. 628 
oracle row level security In this article serie Pete Finnigan explains what the row level security feature in Oracle database is, and how it is used for added security. He also explains how to audit these policies. 614 
Oracle security testing This site has loads of links to Oracle-related security papers, giving lots of information about how to test the security of Oracle databases & how to secure them. Very good resource if you got a database to secure or audit. 660 
Pentesting for web applications (part 1) Popular Bookmark  This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. 783 
Pentesting for web applications (part 2) This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. 678 
Pentesting for web applications (part 3) This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. 683 
Red team assessment paper Popular Bookmark  This is a student pentest-paper about demonstrating weaknesses in the security architecture proposed by Parliament Hill Firewall Practical #0063. The paper is written quite well and contains interesting scenario how to attack the system. 1'228 
Soap web security The purpose of SOAP is to allow various components to communicate using remote functionality as if they were local. This paper explains some types of attacks and defenses based on the SOAP implementation. it also acts as a nice small primer to SOAP. 694 
SQL injection paper (securiteam) SecuriTeam has released an SQL injection paper that is quite good. This should help you grasp the basics of SQL injection techniques, especially if you do pentests against web-applications. 667 
 
Code/Exploit  Top
badc0ded Popular Bookmark  This site focuses deeply on exploiting buffer overflows and other vulnerabilities in code. Very good read if you are a programmer and might get one to understand buffer overflows even if the papers are quite technical. 892 
Gera insecure programming This site also focuses deeply into programming errors and how to exploit those. As I'm not a programmer, I can't provide much more information, but that it feels pretty good, as badc0ded. 675 
Memfetch Memfetch is a handy utility for dumping the memory of a running process. helping you recover information that would otherwise be lost, and making it easier to check the integrity or internals of a running process. Also, the page contains lots of othe 597 
Milw0rm exploit resource

Good resource for Proof of Concept exploit code.   http://www.milw0rm.com

milw0rm is a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. The attack generated heated debate on the security of information in a world prevalent with countries developing nuclear weapons, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with teenagers willing and able to break into insecure international websites.

 http://en.wikipedia.org/wiki/Milw0rm

131 
oss.coresecurity.com Core Security offers some components used in CORE IMPACT to the community for free. These are written in Python and covers packet capture, assembly code and network protocol dissection and build. 608 
PC assembly tutorial PC Assembly Tutorial tries to give clues how to program in assembly-language and work as a primer. This could be useful for people trying to understand exploits and possibly create them. 629 
Valgrind Valgrind is a tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. 580 
 
Cracking  Top
astalavista.box.sk Popular Bookmark  Astalavista is a search engine for exploits and cracks. Especially the exploit part is good for security/pentesters. However, a word of warning, as with Packetstorm, beware of trojanized code. Same warning goes with cracks, those can contain virii so 854 
www.anticrack.de Anti-Crack is mainly focused on reverse engineering, coding & cracking software. If you are a programmer, this site can wield lots of interesting information. I'm not a coder, so I can't really tell if the information here is good or not. 631 
 
Cryptography  Top
anujseth.com crypto-page Popular Bookmark  This page is an effort to provide a one-stop-shop for all your cryptography/security related queries. This site has lots of detailed information on topics ranging from the history of cryptography to the latest of crypto algorithms and products to hit 824 
Basic cryptanalysis Popular Bookmark  This manual is intended as practice material for basic cryptanalysis, originally developed for the army, but apparently it has been available to the public for some time already. This is old material, but should give you some insights about cryptanal 955 
Handbook of applied cryptography Popular Bookmark  A recommended crypto-book is available for download as e-book, for free! This is a must-read book and I recommend you get it. Perhaps now I finally get to read it :) Paper-back would be much nicer, thought. This book is intended as a reference for pr 722 
www.bouncycastle.org Legion of the Bouncy Castle has created a crypto API in Java. This piece of work could benefit one that is in need of implementing some crypto algorithms into own applications. Check the specifications on the site to see what is supported. 497 
www.ciphersbyritter.com This site has crypto-resources that help one get some idea what crypto is about. It also hosts a nice 'technical crypto terminology' that tries to tell what some of those neat words mean. And it has lots of resources. 506 
www.pki-page.org This site digs into Public Key Infrastructure and does it well. Loads of information, not just about PKI, but also on SSL, PGP, crypto articles, RFC's, and much more. A crypto overload.. 463 
 
Forensics  Top
Fire Forensics CD Popular Bookmark  FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. This is a living project and might b 793 
Forensic analysis of a live linux system (part 1) Popular Bookmark  In this article serie is explained some of the methodologies how to analyse a running linux system properly, including the building of a toolbox for the job. 763 
Forensic analysis of a live linux system (part 2) In this article serie is explained some of the methodologies how to analyse a running linux system properly, including the building of a toolbox for the job. 621 
Honeynet Project The Honeynet Project aims to discovering ways blackhats intrude into systems, including the tools used & tactics after getting foothold of a system. This information is then shared with the community so that better defenses can be invented. They also 508 
IDS logs in forensic analysis This article shows how valuable IDS-logs can be in analyzing a break-in. Alan Neville shows the reader how to dissect snort logs with tcpdump & ethereal. Good read if you want some detailed commenting on the packet dumps. 518 
Incident and forensics articles SecurityFocus keeps all incident-related articles in one place for easy read. The areas range from forensics to incident response and has also entertaining stories related to these. There are some good articles in there, I recommend reading these if 586 
Incident response tools for unix (part 1) This is a three-part serie on tools that can be used on unix-based systems when doing incident response and forensics investigations. It takes on tools for OpenBSD, Solaris & Linux-based systems. It also explains what these tools can be used for with 511 
Incident response tools for unix (part 2) This is a three-part serie on tools that can be used on unix-based systems when doing incident response and forensics investigations. It takes on tools for OpenBSD, Solaris & Linux-based systems. It also explains what these tools can be used for with 493 
The coroner's toolkit in depth This is a nice paper that explains how to use the tools in TCT efficiently for forensics purposes. The grave-robber part could be used to collect volative data while the machine is up and non-volatile data after it has been brought down, the other to 516 
Using dd over the network This HowTo explains how you can copy the entire contents of a PC over the network, in case you do not have enough big removable media or it is not feasible to remove the original HDD of the machine. It is quite a straightforward paper. 519 
 
Guides  Top
Bigadmin portal Popular Bookmark  The BigAdmin portal SUN has, is focusing on Solaris security. They have FAQs, How-To's, discussion areas, ready-made scripts, additional resource and lots more. Worth checking out if you're managing Solaris boxes. From here you also know of latest vu 716 
Hacking guide (roelof temmingh) Popular Bookmark  Roelof Temmingh's excellent "paper" of hacking techniques, I recommend reading this one. It contains a bit humor and pretty nice description of what one would really do when h4x0ring/pentesting away. 1'744 
Hackproofing ibm db2 This presentation gives you an overview of the security-measures you have to take to make your IBM DB2 installation more secure. 543 
iis lockdown and urlscan This explains pretty well how to install these two on a windows-box, providing good information about best practices for IIS. URLScan is useful when the URLs for the website is mostly easy, thus very dynamic sites could deny themselves. 529 
ISECOM It has created OSSTMM (OpenSource Security Testing Methodology Manual) and SPSMM (Secure Programming Standards Methodology Manual) and other resources. It has a very good tool-list that fits a security specialist's toolbox. Worth checking out. The si 575 
IT baseline protection manual Popular Bookmark  This is a manual that digs in into lots of security policies. Worth checking out if you're planning security policies for your company. The manual is really huge and touches lots of surfaces that you probably have never thought of. Check it out. 779 
  Top
<< Start < Prev [1] 2 3 4 Next > End >>
Results: 1 - 50 of 166