Clik here to view.
Updated PCI Data Security Standard (PCI DSS) Doc: Penetration Testing Guidance
The objective of this information supplement is to update and replace PCI SSC’s original penetration testing information supplement titled “Payment Card Industry Data Security Standard (PCI DSS)...
View ArticleClik here to view.
shadowd 1.1.0 release
It is my pleasure to announce the release of shadowd 1.1.0 as well as shadowd_ui 1.1.0 of the Shadow Daemon web application firewall. This update improves the performance, attack detection and ease of...
View ArticleClik here to view.
Linux Local Enumeration Script
I’ve made my Linux Local Enumeration Script available below, it’s far from perfect and I could spend forever improving it.But, it has saved me a bunch of time and it works great for a first pass, after...
View ArticleClik here to view.
Reverse Geocoder
A fast, offline reverse geocoder in Python here.......https://github.com/thampiman/reverse-geocoder
View ArticleClik here to view.
Paper: SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of...
Abstract—Run-time packers are often used by malware-writersto obfuscate their code and hinder static analysis. The packerproblem has been widely studied, and several solutions havebeen proposed in...
View ArticleClik here to view.
“Widespread” MongoDB Denial of Service Vulnerability Discovered
Last month, researchers in Fortinet’s threat research division, FortiGuard Labs, discovered a vulnerability in MongoDB that would allow hackers to remotely crash the database application....
View ArticleClik here to view.
Exploit Exercises
exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation,...
View ArticleClik here to view.
rwasa, a web server written from the ground-up
rwasa is our full-featured, high performance, scalable web server designed to compete with the likes of nginx. It has been built from the ground-up with no externel library dependencies entirely in...
View ArticleClik here to view.
BROOTKIT
BROOTKIT Lightweight rootkit implemented by bash shell scripts v0.10 by wzt 2015 wzt.wzt () gmail com If bash shell scripts can be designed for security tools like chkrootkit or rkhunter, so it can be...
View ArticleClik here to view.
CTF Tools
Collection of CTF softwares and tools here.....https://github.com/apsdehal/ctf-tools
View ArticleClik here to view.
Autoarp
Autoarp is an automatic ARP attack tool. The programme will call nmap every 5 minutes to refresh the target list and send ARP packets to every host which is in the target list.more...
View ArticleClik here to view.
You, Me, and .NET GUIDs
Research done here at CylanceSPEAR is not limited to vulnerabilities. For instance, in the following research I describe two GUIDs that can be extracted from .NET assemblies in order to identify...
View ArticleClik here to view.
Alibaba CTF 2015 - XSS400 WriteUP
Flag hidden in the administrator's CookieTrigger requires the latest version of Chromehttp://1de28830f09a4b1b.alictf.com/pet.php?id=test&type=catmore...
View ArticleClik here to view.
USB Armory Now Fully Supported Arch Linux ARM and ArchAssault
The USB armory from Inverse Path is an open source hardware design, implementing a flash drive sized computer.The compact USB powered device provides a platform for developing and running a variety of...
View ArticleClik here to view.
Linux kernel memory management Part 1.
Memory management is a one of the most complex (and i think that it is the most complex) parts of the operating system kernel. In the last preparations before the kernel entry point part we stopped...
View ArticleClik here to view.
Cryptocode- Typesetting Cryptography
The cryptocode bundle provides commands and commands for easily typesettingpseudocode and simple protocols as well as environments for visualizinggame-based proofs and black-box reductions as often...
View ArticleClik here to view.
[CVE-2015-1817] Security advisory for musl libc - stack-based buffer overflow...
A stack-based buffer overflow has been found in musl libc's ipv6address literal parsing code. Programs which call the inet_pton orgetaddrinfo function with AF_INET6 or AF_UNSPEC and untrusted...
View ArticleClik here to view.
BlackHat 2015 Asia Slides
For those interested in viewing some of the slide presentations from BlackHat click here....https://www.blackhat.com/asia-15/archives.htmlA few of the titles are listed below as well1.Client-Side...
View ArticleClik here to view.
Puush accidentally infects Windows users with password-stealing malware
Puush describes itself as a “quick and simple way to share screenshots”.Unfortunately, it also seems to be a quick and simple way to infect your Windows computer with malware, that might steal your...
View ArticleClik here to view.
WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242)
Universal Description Discovery and Integration (UDDI) functionality often lurks unlinked but externally accessible on WebLogic servers. It’s trivially discoverable using fuzz lists such as...
View Article