Bookmarks for May 28th through June 9th
These are my links for May 28th through June 9th:
- Tactical Web Application Security: Zone-H Defacement Statistics Report for Q1 2010 – Web defacements are a serious problem and are a critical barometer for estimating exploitable vulnerabilities in websites. Unfortunately, most people focus too much on the impact or outcome of these attacks (the defacement) rather than the fact that their web applications are vulnerable to this level of exploitation. People are forgetting the standard Risk equation:

  RISK = THREAT x VULNERABILITY x IMPACT

  The resulting risk of a web defacement might be low because the impact may not be deemed a high enough severity for particular organizations. What most people are missing, however, is that the threat and vulnerability components of the equation still exist. What happens if the defacers decided to not simply alter some homepage content and instead decided to do something more damaging such as adding malicious code to infect clients?
- NFI Defraser | Download NFI Defraser software for free at SourceForge.net – Defraser is a forensic analysis application that can be used to detect full and partial multimedia files in datastreams. It is typically used to find (and restore) complete or partial audio/video files in datastreams (for instance, unallocated disk space).
- Penetration Testing and Vulnerability Analysis – Careers – Information Security Careers Cheatsheet – These are my views on careers in information security, based on the experience I've had; your mileage may vary. The information below will be most appropriate if you live in New York City, you're interested in application security, pentesting, or reversing, and you are early on in your career in information security.
- WMIC for incident response – Earlier this week, I posted about using psexec during incident response. I mentioned at the end of that post that I’ve been using WMIC in place of psexec and that I’d have more on that later. This post is a follow-up to the psexec post.
- The Digital Standard: Crack-a-Lacka – OK…so you may have heard that it’s pretty easy to crack SAM hives using tools like Cain & Abel or Ophcrack, but you have never done it before, you don’t know where to start looking, and you feel like a dolt. No worries my friend, I am here to help.
- Groundspeed :: Add-ons for Firefox – Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
- SIPVicious: New tool in the works: TFTPTheft – Most sysadmins just love the idea of switching on a box that just works automatically. In the case of IP phones that is typically possible by setting up the right DHCP config and a TFTP server hosting firmware and configuration.
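The provisioning fetch that the TFTPTheft entry alludes to, written out as a minimal TFTP read exchange (RFC 1350) with both the phone side and the server side, so the security point is visible: a read request carries a filename and a transfer mode and nothing else, so any host that can reach the TFTP server and learn or guess the configuration file name can download it. This is an added example, not code from the SIPVicious project or from the linked post. The file names (the first follows the Cisco SEP&lt;MAC&gt;.cnf.xml convention with a made-up MAC), the contents of SAMPLE_FILES and the single-request loopback server are constructed for the example.

```python
import socket
import struct
import threading

# TFTP opcodes (RFC 1350) and the fixed data block size.
OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK = 512

# Constructed sample files for this example only (not real vendor files):
# a small per-phone config and a blob that spans several 512-byte blocks.
SAMPLE_FILES = {
    "SEP001122334455.cnf.xml": b"<device><sipUser>2001</sipUser><sipPassword>s3cret</sipPassword></device>\n",
    "firmware.bin": bytes(range(256)) * 5 + b"tail",
}


def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, mode, NUL. There is no credential field."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def parse_rrq(pkt):
    """Return (filename, mode) for an RRQ packet, or None for anything else."""
    if len(pkt) < 4 or struct.unpack("!H", pkt[:2])[0] != OP_RRQ:
        return None
    parts = pkt[2:].split(b"\x00")
    if len(parts) < 2:
        return None
    return parts[0].decode(errors="replace"), parts[1].decode(errors="replace").lower()


def serve_once(files, timeout=2.0):
    """Read-only TFTP server on 127.0.0.1 answering one RRQ; returns (port, thread)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    listener.settimeout(timeout)
    port = listener.getsockname()[1]

    def run():
        try:
            pkt, peer = listener.recvfrom(1024)
            req = parse_rrq(pkt)
            if req is None or req[0] not in files:
                # Error code 1 = file not found; the name is the only thing checked.
                listener.sendto(struct.pack("!HH", OP_ERROR, 1) + b"File not found\x00", peer)
                return
            data = files[req[0]]
            # RFC 1350: each transfer runs from a fresh socket (new transfer ID).
            xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            xfer.settimeout(timeout)
            try:
                block, offset = 1, 0
                while True:
                    chunk = data[offset:offset + BLOCK]
                    xfer.sendto(struct.pack("!HH", OP_DATA, block) + chunk, peer)
                    ack, _ = xfer.recvfrom(1024)
                    if struct.unpack("!HH", ack[:4]) != (OP_ACK, block):
                        return
                    if len(chunk) < BLOCK:  # a short (or empty) block ends the transfer
                        return
                    block, offset = block + 1, offset + BLOCK
            finally:
                xfer.close()
        except socket.timeout:
            pass
        finally:
            listener.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return port, t


def fetch(host, port, filename, timeout=2.0):
    """TFTP client: send RRQ, ACK each DATA block; return file bytes, or None on ERROR."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    out, expected = bytearray(), 1
    try:
        sock.sendto(build_rrq(filename), (host, port))
        while True:
            pkt, peer = sock.recvfrom(4 + BLOCK)
            op, num = struct.unpack("!HH", pkt[:4])
            if op == OP_ERROR:
                return None
            if op != OP_DATA or num != expected:
                continue  # duplicate or out-of-order block: ignore it
            out += pkt[4:]
            # ACKs go to the server's transfer socket, not the port the RRQ went to.
            sock.sendto(struct.pack("!HH", OP_ACK, num), peer)
            expected += 1
            if len(pkt) - 4 < BLOCK:
                return bytes(out)
    finally:
        sock.close()


def transfer(files, filename):
    """Run one server/client exchange on loopback and return what the client got."""
    port, t = serve_once(files)
    result = fetch("127.0.0.1", port, filename)
    t.join(5)
    return result


if __name__ == "__main__":
    print(transfer(SAMPLE_FILES, "SEP001122334455.cnf.xml"))
```

The client never identifies itself; the server's only decision is whether the requested name exists. That is the property that makes a TFTP-provisioned phone fleet worth checking during an assessment: when config files carry SIP credentials and their names follow a predictable convention, the DHCP option that points phones at the server also points an attacker at it.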
Categories: del.icio.us