Sunday, January 24, 2010

Technology Shouldn't Give Big Brother a Head Start

In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice.

Ericsson built this wiretapping capability into Vodafone's products, and enabled it only for governments that requested it. Greece wasn't one of those governments, but someone still unknown -- a rival political party? organized crime? -- figured out how to surreptitiously turn the feature on.


Thank you Bruce Schneier for defending our right to privacy.

Wednesday, January 20, 2010

Links Links Links!

Karmetasploit: "This tool acts as wireless access point and responds to all probe requests from wireless clients. Once a client has associated with the KARMA access point, every service they try to access leads to a malicious application."

Bleeding Snort: "This site takes all the Snort Signatures we can find, and that are submitted to us, organizes them into coherent rulesets, makes basic quality tweaks, and distributes them free of charge to all who are interested."

Ubuntu Linux: How to setup a VPN connection to a SonicWall router using Openswan and Pre-shared Keys (PSK)

Default Password List for hundreds (thousands?) of devices (routers, switches, APs, etc)

RSnake's XSS (Cross Site Scripting) Cheat Sheet

sed one-liners for my fellow command line lovers out there

Whois Ping Port Scanner NSlookup & Traceroute, which is useful for when you don't want your target to know your IP -- all the traffic comes from this site instead

Network monitoring with Nagios and OpenBSD

"VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264." VideoJak is part of a Linux distro you may not have heard of -- VAST -- which includes VoIP hacking tools as well as more general pentesting tools like Metasploit, Nmap, and Hydra.

Enjoy!

Friday, January 1, 2010

Hacking Practice: Purposely Vulnerable Software

Vulnerable VMware/VirtualBox images from past CTF competitions:
http://ctf.hcesperer.org/25c3ctf
http://ctf.hcesperer.org/daopen08
http://ctf.hcesperer.org/eh08ctf
http://ictf.cs.ucsb.edu/images.php
http://lampsecurity.org/capture-the-flag-5 (currently down)
http://lampsecurity.org/capture-the-flag-6 (currently down)

Many more resources: Damn Vulnerable Web App, Damn Vulnerable Linux (download), OWASP's WebGoat, De-ICE, IronGeek's Mutillidae, Bonsai's Moth, and Foundstone's HacMe Video Series.

I am currently going through these myself.

SQL Injection Resources

Here is an excellent collection of SQL Injection Resources from OWASP.

Why You Should Come Back

What can you expect from future blog posts?
  • Lots of Infosec news
  • Lots of links to tutorials (as well as some tuts of my own)
  • Links to great hacking tools
Any time I learn something fascinating and Infosec-related, this would be a great place to tell you all about it as well as take notes for myself that I can refer to later. (A bit selfish? Perhaps.)

If there is a specific tool you would like to know how to use better, let me know and I'll do my best to blog about it!

--fraktil