Cowrie - SSH Honeypot

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen desaster. Features Some interesting features: Fake filesystem with the ability to...

Cyber UL Could Become Reality Under Leadership of Hacker Mudge

UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime...

Away from the Flash, away from the dangerous: from Flash 0day vulnerability disclosure to the integrated penetration tools package, only used 4-day-vulnerability warning-the black bar safety net

6 on 2 7 January, a penetration testing Toolkit Magnitude has been successfully Adobe Flash Player 0day vulnerability, and this time only in the Adobe release fix vulnerabilities patch after four days, kit software the author recently become the fastest to achieve the use of the Flash Player...

DSA-3296-1 libcrypto++ - security update

Bulletin has no description...

New Chrome Extension Blocks BeEF Attacks

An engineer has devised a new way to help combat BeEF, or browser exploit framework attacks. The tool, a Chrome extension, detects and blocks hooks from BeEF–an exploit tool similar to Metasploit–that uses JavaScript to control browsers. Routinely used by researchers, pen testers, and attackers,...

This Unbreakable Encryption Could Save the Internet

The Awareness to encrypt your private data, chat conversations as well as communication is booming like never before that soon the world will mark some day as the International Encryption Day. This may or may not be possible in future, but Toshiba is all set to create a next level of encryption...

Facebook Hires Ex-Yahoo CISO Alex Stamos

Facebook has hired away the top security executive at Yahoo, Alex Stamos, to become the company’s new CSO. Stamos said Wednesday that he is joining Facebook because he believes the company is in the best position to address some of the large security challenges facing users and companies right no...

libreswan security, bug fix and enhancement update

3.12-10.1.0.1 - add libreswan-oracle.patch to detect Oracle Linux distro 3.12-10.1 - Resolves: rhbz1226407 CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart 3.12-10 - Resolves: rhbz1213652 Support CAVS updated another prf free symkey, bogus fips mode fix 3.12-9 - Resolves:...

OpenSSL Heartbleed 漏洞 (心脏出血)

OpenSSL“心脏出血”漏洞是一个非常严重的问题。这个漏洞使攻击者能够从内存中读取多达64 KB的数据。一些安全研究员表示：无需任何特权信息或身份验证，我们就可以从我们自己的（测试机上）偷来X.509证书的私钥、用户名与密码、聊天工具的消息、电子邮件以及重要的商业文档和通信等数据。这一切是如何发生的呢？让我们一起从代码中一探究竟吧。0x01 Bug请看ssl/dlboth.c，漏洞的补丁从这行语句开始：int dtls1processheartbeatSSL s unsigned char p = &s-s3-rrec.data0, pl; unsigned short hbtype;...

Is penetration testing required for HIPAA compliance?

In this blog post were going to focus our discussion on the technical requirement part of this standard. The evaluation is supposed to establish the extent to which a covered entitys or business associates security policies and procedures meet the requirements of the HIPAA Security Rule. A questi...

Threat Outbreak Alert RuleID16089: Email Messages Distributing Malicious Software on June 21, 2015

Medium Alert ID: 39441 First Published: 2015 June 22 13:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16089 may contain the following files: Name | Siz...

Security CheatSheets - A collection of cheatsheets for various infosec tools and topics

These security cheatsheets are part of a project for the Ethical Hacking and Penetration Testing course offered at the University of Florida. Expanding on the default set of cheatsheets, the purpose of these cheatsheets are to aid penetration testers/CTF participants/security enthusiasts in...

Cupp - Common User Passwords Profiler

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the passwo...

icmpsh - Simple Reverse ICMP Shell

Sometimes, network administrators make the penetration tester's life harder. Some of them do use firewalls for what they are meant to, surprisingly! Allowing traffic only onto known machines, ports and services ingress filtering and setting strong egress access control lists is one of these cases...

FileZilla 3.11.0.2 SFTP Module - Denial of Service

FileZilla 3.11.0.2 SFTP Module - Denial of Service ''' Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link:...

Python for Security Professionals: Free IT Security Training

Python is an excellent programming language that has rapidly become popular among Hackers, Reverse engineers, software testers, Forensic analyst and Penetration testers. Python is a simple object-oriented and minimalistic language that is easy to learn for novice programmers as well as experience...

IBM Security AppScan 9.0.2 remote code execution vulnerability-vulnerability warning-the black bar safety net

IBM Security AppScan Standard is the United States, IBM company a Web application security testing tool. The tool is available in the application development life cycle for automated static and dynamic security vulnerability scanning. The vulnerability is based on the Windows OLE Automation array...

WAIDPS - Wireless Auditing, Intrusion Detection & Prevention System

WAIDPS is an open source wireless swissknife written in Python and work on Linux environment. This is a multipurpose tools designed for audit penetration testing networks, detect wireless intrusion WEP/WPA/WPS attacks and also intrusion prevention stopping station from associating to access point...

PentestBox - Portable Penetration Testing Distribution for Windows Environments

PentestBox is not like other Penetration Testing Distributions which runs on virtual machines. It is created because more than 50% of penetration testing distributions users uses windows. So it provides an efficient platform for Penetration Testing on windows platform. Check out demo video: Easy ...

Web Security Dojo - Training Environment for Web Application Security Penetration Testing

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the...