693 matches found
[OS X Auditor] free Mac OS X computer forensics tool
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions; the system agents and daemons; the third party's agents and daemons; the old and deprecated system and third party's startup items; the users' agents; the user...
DefCamp 2013 - International Hacking and Information Security Conference in Romania
The Fourth Edition of an International Information Security Conference hosted in Romania, DefCamp 2013, is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...
SQL injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/baseqrymain.php; the (2) tcpflags or (3) tcpport04 parameter to...
UBUNTU-CVE-2013-5321
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/baseqrymain.php; the (2) tcpflags or (3) tcpport04 parameter to...
National Security threats to be detailed at 'The Hackers Conference' 2013 | #THC2013
The recent "disconcerting" reports that India was being spied upon by American intelligence agencies have opened an all new chapter in the cyber security space. The revelation that the Indian embassy in the US was among the list of 38 diplomatic missions which were being spied upon by American...
Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal
Security Advisory ID: NETRESEC-1386968 http://netresec.com/?b=1386968 NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability. ==Description== NetworkMiner is a tool designed for network forensics and network security monitoring. It is...
Google WebLogin Tokens Expose Google Apps, User Data
An exposure in the way Google handles authentication is an illustration of the unintended consequences of trading security for a little bit of convenience. Craig Young, a researcher from security company Tripwire, demonstrated at Def Con over the weekend how an Android single sign-on token known ...
What to Look For in a SIEM Solution
Security Information & Event Management (SIEM) has evolved over the years to become one of the most trusted and reliable solutions for log management, security, and compliance. The demand for SIEM tools is constantly increasing within network and IT security teams. This is due particularly to the...
NIST Seeks Guidance on Incident Response and Forensics
The federal government is looking for some help in figuring out how to respond to security incidents. As attacks continue to escalate against both government agencies and private enterprises, NIST is developing a set of standards for best practices in incident response and computer forensics. The...
IRC Botnet Leveraging Unpatched Plesk Vulnerability
Researchers have found a botnet exploiting a vulnerability in the Plesk hosting control panel, ramping up calls from experts to upgrade to current versions of the product. A notice on the Plesk command injection vulnerability as well as exploit code was posted last week to the Full Disclosure lis...
Massive 167Gbps DDoS attacks against Banking and Financial Institutions
DDoS attackers attempted to bring down a banking service earlier this week with one of the largest distributed denial-of-service attacks, using a DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced that it has successfully...
Apple Decrypts Seized iPhones For The Police
The security features built into Apple’s iOS software are so good that the police are unable to gain access to defendants’ iPhones when they need to. Companies like Apple and Google are being asked by law enforcement officials to bypass these protections to aid in investigations. Apple receives s...
Mobile Forensics: Santoku
Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas. Boot into Santoku and get...
[Santoku 0.4] Distribution dedicated to mobile forensics, malware analysis and security testing
Santoku includes a number of open source tools dedicated to helping you in every aspect of your mobile forensics, malware analysis, and security testing needs, including: Development Tools: Android SDK Manager, AXMLPrinter2, Fastboot, Heimdall, Heimdall GUI, SBF Flash. Penetrati...
[DEFT 7] Distribution with the best freeware Windows Computer Forensic tools
DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that uses LXDE as desktop environment and WINE to execute Windows tools under Linux and mount manage...
[Canari Framework] Maltego Rapid Transform Development Framework
Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests and vulnerability assessments. Ever since its first prototype, it has become evident that the...
[REMnux] A Linux Distribution for Malware Analysis
REMnux incorporates a number of tools for analyzing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. This popular toolkit includes programs for analyzing malicious documents, such as PDF files, and utilities for...
[HoneyDrive Desktop v0.2] Honeypot LiveCD
HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more...
[Matriux] The Open Source Security Distribution for Ethical Hackers and Penetration Testers and Forensic Experts
The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution based on Debian consisting of a powerful bunch of more than 300 open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking...