«
Expand/Collapse
85 items tagged "testing"
Related tags:
ruby [+],
hacking [+],
darknet [+],
open source platform [+],
network security professionals [+],
framework [+],
zed attack [+],
xsser [+],
hacks [+],
tool 1 [+],
security experience [+],
ruby programming [+],
video [+],
usa [+],
security vulnerabilities [+],
security [+],
mac os x [+],
mac os [+],
ids [+],
proxy [+],
metasploit framework [+],
Tools [+],
General [+],
penetration [+],
zap [+],
x release [+],
usb [+],
stress testing [+],
prevention system [+],
posttest [+],
mode interface [+],
mail [+],
magichash [+],
keystroke [+],
ips testing [+],
ips [+],
intrusion detection prevention [+],
hwk [+],
hash collision [+],
crenshaw [+],
course [+],
collision [+],
coffeecup [+],
chaos communication congress [+],
black hat [+],
berlin [+],
authentication [+],
adrian crenshaw [+],
Wireless [+],
zetas [+],
whitepaper [+],
web [+],
vulnerability assessment [+],
trust metrics [+],
trust analysis [+],
trust [+],
tool [+],
stender [+],
sslsmart [+],
ssl [+],
socket connection [+],
serialized [+],
security metrics [+],
scott stender [+],
robots [+],
physical security [+],
philippe oechslin [+],
peta zetas [+],
peta [+],
pen [+],
pachulski [+],
overview [+],
object serialization [+],
manipulations [+],
malicious content [+],
linux environment [+],
level overview [+],
java [+],
interception proxies [+],
interactive tool [+],
h.d. moore tags [+],
false positives [+],
exploits [+],
evolutionary approach [+],
ev certificates [+],
d moore [+],
byte streams [+],
brian martin keith pachulski [+],
blind [+],
android [+],
analysis [+],
world scenarios [+],
wireless access point [+],
wifi [+],
web testing [+],
warszawa [+],
vulnerability testing [+],
vulnerability research [+],
vulnerability [+],
video training [+],
video tour [+],
u.s. [+],
tour [+],
thomas wilhelm tags [+],
thomas wilhelm [+],
stress [+],
stability testing [+],
stability [+],
sploit [+],
source code [+],
source [+],
social engineering [+],
slides [+],
slide show [+],
side [+],
security event [+],
sap [+],
samurai [+],
research toolkit [+],
remote [+],
remediation efforts [+],
ray [+],
proxy web [+],
programmable [+],
professional training [+],
professional penetration [+],
portable [+],
platform [+],
pentbox [+],
penetration tests [+],
paper [+],
pain [+],
owasp [+],
org uk [+],
openwrt [+],
open source [+],
nikhil wagholikar [+],
nicholas petty [+],
module [+],
michael schearer [+],
max caceres [+],
matthew franz sean convery [+],
matthew franz [+],
mariano nunez [+],
linux os [+],
linux host [+],
linux [+],
limits [+],
lfi [+],
lego pieces [+],
led [+],
lcd screen [+],
last chance [+],
la fonera [+],
jimi fiekert [+],
james [+],
iviz [+],
ivan arce [+],
iphone [+],
input output [+],
inguma [+],
hack in the box [+],
hack [+],
gyroscopes [+],
greg hoglund [+],
grade quality [+],
gnu linux [+],
german aerospace center [+],
fault injection [+],
fault [+],
facility [+],
elearnsecurity [+],
dubai [+],
drug testing [+],
drug [+],
drone [+],
digital input [+],
di croce [+],
database [+],
cyberdyne systems [+],
cryptography tools [+],
convery [+],
conventional solutions [+],
continuous improvements [+],
commercial realities [+],
code authors [+],
caceres [+],
bulbs [+],
brute [+],
bgp [+],
baseball bats [+],
baseball [+],
balkan [+],
automated [+],
australia [+],
audio [+],
arduino [+],
application testing [+],
application [+],
anatomy [+],
analog [+],
afghanistan [+],
Countermeasures [+],
BackTrack [+],
testing tool [+],
read [+],
metasploit [+]
-
-
20:29
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
20:29
»
Packet Storm Security Misc. Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
-
-
20:30
»
Packet Storm Security Recent Files
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
20:30
»
Packet Storm Security Tools
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
20:30
»
Packet Storm Security Misc. Files
PostTest is a jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
-
-
14:01
»
Hack a Day
This is [James'] latest android build, a set of legs that use gyroscopes for balance. He started off by planning the build with some LEGO pieces to get an idea of how each foot and leg joint would fit together. This let him achieve one of his goals. From the start he wanted to create [...]
-
-
16:47
»
Packet Storm Security Recent Files
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
16:47
»
Packet Storm Security Tools
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
16:47
»
Packet Storm Security Misc. Files
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-
15:47
»
Packet Storm Security Recent Files
hwk is used for wireless audits, fuzzing and stress testing under Linux. It provides various modes as wireless deauthentication and authentication flooding using a monitor mode interface as well as probe response and beacon fuzzing. Furthermore it comes with some basic injection testing and focusing modes.
-
15:47
»
Packet Storm Security Tools
hwk is used for wireless audits, fuzzing and stress testing under Linux. It provides various modes as wireless deauthentication and authentication flooding using a monitor mode interface as well as probe response and beacon fuzzing. Furthermore it comes with some basic injection testing and focusing modes.
-
15:47
»
Packet Storm Security Misc. Files
hwk is used for wireless audits, fuzzing and stress testing under Linux. It provides various modes as wireless deauthentication and authentication flooding using a monitor mode interface as well as probe response and beacon fuzzing. Furthermore it comes with some basic injection testing and focusing modes.
-
-
10:35
»
SecDocs
-
-
1:51
»
SecDocs
Authors:
Philippe Oechslin Tags:
hacking Event:
Hashdays 2010 Abstract: Extended Validation certificates for TLS are more expensive and more difficult to obtain. In return they provide more trust. We want to explore the limits of this added trust. We will tie different scenarios into an attack tree and illustrate it by doing things like inserting malicious content into EV certified web sites or inserting fake EV certificates into browsers. We will also compare how different browsers react to these manipulations.
-
1:51
»
SecDocs
Authors:
Philippe Oechslin Tags:
hacking Event:
Hashdays 2010 Abstract: Extended Validation certificates for TLS are more expensive and more difficult to obtain. In return they provide more trust. We want to explore the limits of this added trust. We will tie different scenarios into an attack tree and illustrate it by doing things like inserting malicious content into EV certified web sites or inserting fake EV certificates into browsers. We will also compare how different browsers react to these manipulations.
-
-
18:20
»
Packet Storm Security Recent Files
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
18:20
»
Packet Storm Security Tools
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
18:20
»
Packet Storm Security Misc. Files
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
-
18:01
»
Packet Storm Security Misc. Files
Whitepaper called Penetration Testing Linux with Brute Forcing Tool. It discusses using Backtrack, Metasploit, and various brute forcing tools for breaking into a Linux host.
-
-
16:01
»
Hack a Day
Once [Ruan] over at AndroidClone heard that Android devices were capable of running a full Linux environment, he started contemplating all of the things he might be able to do with a full Linux OS in his pocket. He decided that a portable penetration testing platform would be great to have on hand, so he [...]
-
-
14:21
»
Hack a Day
When you are working on constructing the first Cyberdyne Systems Model 101 prototype a super-robust robotic arm, you’ve got to test it somehow, right? You probably recognize the robot being abused in the video below, as we have talked about the construction of its hand once once before. The German Aerospace Center has been working [...]
-
-
13:22
»
Packet Storm Security Recent Files
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.The framework is shipped with about 300 tests grouped into 8 testing modules.
-
13:22
»
Packet Storm Security Tools
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.The framework is shipped with about 300 tests grouped into 8 testing modules.
-
13:22
»
Packet Storm Security Misc. Files
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.The framework is shipped with about 300 tests grouped into 8 testing modules.
-
-
9:59
»
Packet Storm Security Recent Files
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
9:59
»
Packet Storm Security Tools
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
9:59
»
Packet Storm Security Misc. Files
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
-
14:29
»
Packet Storm Security Recent Files
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
14:29
»
Packet Storm Security Tools
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
14:29
»
Packet Storm Security Misc. Files
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-
11:27
»
Hack a Day
Needing to test the display interface for a multitude of different sensors [Fileark] built himself this analog and digital input/output simulator. Along the bottom is a double row of trimpots that adjust analog voltages. Each voltage is measured by the Arduino inside and its value is displayed on the graphic LCD screen to confirm that [...]
-
-
20:40
»
Packet Storm Security Recent Files
SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
-
20:40
»
Packet Storm Security Misc. Files
SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
-
-
10:00
»
Hack a Day
Here’s a fun video tour of a light testing facility. Admittedly, its not as fun as watching cell phones get abused, but it is interesting. The video is only about 6 minutes long, and is mostly a narrated slide show, but is full of information. There’s plenty to learn about the bulbs themselves, as well [...]
-
-
21:25
»
SecDocs
Authors:
Jarrod Loidl Tags:
penetration testing client side Event:
Ruxcon 2010 Abstract: This presentation aims to explain why security consultancies are losing the war in providing meaningful value to clients in Australia and what the security industry must do to affect positive change. Conversely, this talk will also cater to potential clients who wish to commission penetration tests what they need to do in order to gain the greatest value from them by creating an environment that is accepting of the problems and a willingness to properly remediate findings. This talk is not intended to pinpoint blame but rather provide an industry update with some context. While the conclusions can be debated, the evidence presented will be irrefutable that changes are needed. This presentation will be delivered by someone who has walked both sides of the fence - the client's side having hired multiple professional penetration testing teams and driven remediation efforts, to the consulting side and seeing the commercial realities facing consultancies and the pain experienced by multiple clients.
-
-
4:44
»
Packet Storm Security Recent Files
The Open Source Security Testing Methodology Manual 3.0 covering security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics required to define and build the best possible security over Physical, Data Network, Wireless, Telecommunications, and Human channels.
-
4:44
»
Packet Storm Security Misc. Files
The Open Source Security Testing Methodology Manual 3.0 covering security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics required to define and build the best possible security over Physical, Data Network, Wireless, Telecommunications, and Human channels.
-
-
11:59
»
SecDocs
-
11:40
»
SecDocs
-
-
3:08
»
SecDocs
Authors:
Thomas Wilhelm Tags:
penetration testing Event:
PhreakNIC 11 Abstract: Currently, those interested in learning how to professionally conduct Information System Penetration Tests have very little options available to them - they can either illegally attack Internet-connected systems, or create their own PenTest Lab. For those who prefer to avoid legal complications, they really only have the last option - a lab. However, this can be a very complicated and expensive alternative. In addition, scenarios have to be created that actually represent real-world scenarios; for a beginner this is a Catch-22 since they don't yet have the experience to even know what these scenarios might look like, let alone design them in a challenging way. In order to provide a simply way for both beginners and experts to improve their skills in Penetration Testing, I have designed what is, in effect, a Turn-Key Pen Test Lab using LiveCDs and minimal equipment requirements. The LiveCDs each represent different scenarios that mimic real-world systems and services, which provide essential challenges to improve critical skills in the field of Pen Testing.
-
-
1:47
»
SecDocs
-
-
20:40
»
Packet Storm Security Tools
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-
17:15
»
Packet Storm Security Tools
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
17:14
»
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
-
-
12:53
»
Hack a Day
[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point [...]
-
-
9:00
»
Hack a Day
Inside this box you’ll find a La Fonera wireless access point. [Emeryth] and his band of miscreants built this portable device for WiFi security testing. The AP is running OpenWRT and has been set up to use the 16×4 character display as a terminal. An ATmega88 connects the LCD as well as six buttons to [...]
-
-
20:46
»
Packet Storm Security Tools
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
-
-
17:12
»
SecDocs
Authors:
Manish Saindane Tags:
Java Event:
Black Hat EU 2010 Abstract: Many applications written in JAVA make use of Object Serialization to transfer full blown objects across the network via byte streams or to store them on the file system. While Penetration Testing applications communicating via Serialized Objects, current tools/application interception proxies allow very limited functionality to intercept and modify the requests and responses like in typical web applications. I'm trying to introduce a new technique to intercept such Serialized communication and modify it to perform penetration testing with almost the same ease as testing regular web applications. For achieving this I have developed a plug-in for Burp Suite as a proof-of-concept. What makes this technique unique is that it is completely seamless and gives the penetration tester the same control and power that an application developer has.
-
17:12
»
SecDocs
Authors:
Manish Saindane Tags:
Java Event:
Black Hat EU 2010 Abstract: Many applications written in JAVA make use of Object Serialization to transfer full blown objects across the network via byte streams or to store them on the file system. While Penetration Testing applications communicating via Serialized Objects, current tools/application interception proxies allow very limited functionality to intercept and modify the requests and responses like in typical web applications. I'm trying to introduce a new technique to intercept such Serialized communication and modify it to perform penetration testing with almost the same ease as testing regular web applications. For achieving this I have developed a plug-in for Burp Suite as a proof-of-concept. What makes this technique unique is that it is completely seamless and gives the penetration tester the same control and power that an application developer has.
-
-
21:00
»
Packet Storm Security Tools
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution