tag:blogger.com,1999:blog-39271563237940489412011-11-23T00:08:26.683+02:00A collection of security related tips & tricks, articles, references, papers and tools.V for Vlamenoi ;)noreply@blogger.comBlogger131100tag:blogger.com,1999:blog-3927156323794048941.post-41807955606247931382008-04-11T03:58:00.003+03:002008-04-26T22:03:27.968+03:00

Abstract: Reliable exploitation of software vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-75887532808027918092008-04-11T03:53:00.001+03:002008-04-11T04:04:06.190+03:00

| View | Upload your own

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-92015419273177321362007-11-07T17:57:00.000+02:002007-11-07T17:59:28.270+02:00

Presenter: Neil Daswani This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-70001141825155131652007-11-07T17:51:00.000+02:002007-11-07T17:54:15.682+02:00

Presenter: Mike Andrews Mike Andrews looks at how web applications are attacked, walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-82673020246160458722007-11-05T12:26:00.000+02:002007-11-05T12:28:32.519+02:00

These slides demonstrate the process used to analyze a compromised (hacked) Linux Server. | View | Upload your own

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-24618476760842382242007-11-05T12:22:00.000+02:002007-11-05T12:26:23.535+02:00

The common ways that web applications can be attacked and what you need to do to prevent it. | View | Upload your own

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-81883910609000602842007-11-05T12:19:00.000+02:002007-11-05T12:21:58.724+02:00

| View | Upload your own

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-58764914443104316252007-10-25T21:25:00.000+03:002007-10-25T21:26:47.836+03:00

| View | Upload your own | View | Upload your own

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-47399269948197514752007-10-25T21:07:00.000+03:002007-10-25T21:09:53.111+03:00

Incident response and digital forensics are fast moving fields which have made significant progress over the last couple of years. This means new techniques and tools, one of these is live forensic capture. Live forensics capture means taking an image of a machine while the machine is still running, this is brilliant for the investigators and is becoming common practice. Unfortunately the rootkit

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-67322667473437345112007-10-23T04:15:00.000+03:002007-10-25T21:16:09.575+03:00

sqlninja is a specialized tool for exploiting SQL injection bugs in web applications that use Microsoft SQL server as a backend. The main goal of this program is to provide shell access on the target database server, even in a very hostile environment. sqlninja can help the penetration tester to automate the process of taking over a database server once an SQL injection vulnerability has

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-11822403940585101762007-10-23T04:14:00.000+03:002007-10-25T21:17:02.063+03:00

The Metasploit Framework (”Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing. Metasploit is used by network security

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-16654847303254611732007-10-23T04:04:00.000+03:002007-10-25T21:19:18.035+03:00

OverviewImagine you’re the CSO of some organization, or work for the CSO of your organization and you’ve been asked to come up with a prioritized list of systems/applications that need to be assessed this year and justify why need to be assessed. How do you start? Let me show you.Your first thoughts might be consulting firms. Couldn’t they help prioritize security assessments? Consulting

V for Vlamenoi ;)noreply@blogger.com0tag:blogger.com,1999:blog-3927156323794048941.post-54139845766196594332007-10-23T03:45:00.000+03:002007-10-25T21:19:58.974+03:00

So, you want to experiment with the latest pen-testing tools, or see how new exploits effect a system? Obviously you don’t want to do these sorts of tests on your production network or systems, so a security lab is just the thing you need. This article will be my advice on how to build a lab for testing security software and vulnerabilities, while keeping it separate from the production

V for Vlamenoi ;)noreply@blogger.com0