«
Expand/Collapse
20 items tagged "pen"
Related tags:
plotter [+],
penetration [+],
pen plotter [+],
cnc [+],
vulnerability assessment [+],
tool [+],
testing [+],
site [+],
misc [+],
joomla [+],
euphy [+],
arduino [+],
world scenarios [+],
works of art [+],
web [+],
warszawa [+],
vulnerability assessments [+],
vulnerability [+],
vibrator [+],
vacuum [+],
under bench [+],
thomas wilhelm tags [+],
thomas wilhelm [+],
tester [+],
test reports [+],
television [+],
stepper motors [+],
spirograph [+],
soldering irons [+],
soda cans [+],
soda [+],
slower than molasses [+],
slides [+],
shield [+],
sensitive pen [+],
sand paper [+],
rochester ny [+],
rochester [+],
rob hemsley [+],
rca plugs [+],
rant [+],
pump [+],
printer [+],
post [+],
pete [+],
peripherals [+],
penetration tests [+],
pen15 club [+],
pen style [+],
pen holder [+],
paper scissors [+],
optical drive [+],
niklas roy [+],
news [+],
natural fun [+],
mpark [+],
michael schearer [+],
mechanics [+],
matrix [+],
material [+],
mapping [+],
line matrix printer [+],
larry [+],
jennifer lewis [+],
jennifer bernhard [+],
iron [+],
interlock [+],
ink [+],
indicator light [+],
illinois [+],
hemsley [+],
hd pen [+],
generator [+],
gantry [+],
dot matrix [+],
don [+],
digital [+],
different colors [+],
crt [+],
crayola [+],
counterweights [+],
conversion [+],
conductive ink [+],
colorstudio [+],
circuit prototyping [+],
circuit [+],
choice [+],
center [+],
bruno [+],
brian [+],
box [+],
belt pulleys [+],
audio synthesizer [+],
audio [+],
attiny [+],
attendees [+],
aquarium pump [+],
analog joystick [+],
alex [+],
Hardware [+],
hacks [+]
-
-
10:00
»
Hack a Day
In an effort to be more relevant to children that just aren’t impressed with crayons and markers anymore, Crayola released the ColorStudio HD pen. Instead of ink, this pen is filled with electronics that communicate with a tablet to draw different colors in the Crayola ColorStudio app. [Rob Hemsley] had done some work with capacitive [...]
-
-
5:01
»
Hack a Day
This center pivot pen plotter is an interesting take on the idea, and manages to somewhat simplify the fabrication when compared to a gantry-style built. Normally we’d see a gantry that travels on two rails, with a print head that moves along its length. Here the gantry is anchored on just one side, with a chain driven [...]
-
-
9:08
»
Hack a Day
A while back, we saw [Euphy]‘s polar pen plotter project. The mechanics of the build are very simple – just a pair of motors attached to a pen by a beaded cord. Even though the build is very simple, it’s possible to create awesome works of art albeit very slowly. Since we featured [Euphy]‘s polar pen [...]
-
-
6:01
»
Hack a Day
When we used to use firesticks (the pen style plug-in soldering irons) it was always a worry that we might leave them on. But now we use a base unit which has an indicator light to serve as a reminder. Still, [FoxxTexx] isn’t taking any chances and instead built this timer-based outlet which kills the [...]
-
-
14:01
»
Hack a Day
At first look we thought this was a plotter, but it’s really more of a dot matrix (or line matrix) printer. [Bruno] whipped this up using parts from a DVD optical drive. It is capable of moving the pen along the Z and X axes, and feeding the paper along the Y axis. The video [...]
-
-
12:24
»
Hack a Day
[Euphy] just posted and Instructable of his Polargraph drawing machine that’s able to draw huge images slower than molasses in November. The plotter only uses two stepper motors to control the position of the pen and can be made nearly entirely from salvaged parts – [Euphy] built his for just about £150. The Polargraph uses [...]
-
-
12:29
»
Hack a Day
This pen plotter, held together with structural epoxy, is an amazing piece of engineering, and almost as impressive as a bridge made entirely out of Bondo. [Brian] at the Rochester, NY hackerspace Interlock needed to build something for the BarCamp geek “unconference.” To lure BarCamp attendees over to the Interlock table, they needed a small [...]
-
-
8:01
»
Hack a Day
Here’s the latest project from [Niklas Roy's] workshop. Lumenoise is an audio synthesizer controlled by drawing with a light-sensitive pen on a CRT television. The pen is a self-contained module which connects to the TV via audio and composite video RCA plugs. Inside the clear pen housing you’ll find a microcontroller which generates the audio [...]
-
-
6:48
»
Hack a Day
For all you teledildonics enthusiasts, there’s a new Vibrator shield for the Arduino. It gets better: you can use the Pen15 shield with a Kinect for wholesome and natural fun at home. Decency and a ‘safe for work’ style prevents us from putting everything we know on the front page, so keep reading after the [...]
-
-
13:02
»
Hack a Day
If you’re paying big bucks for those floor-to-ceiling windows why not make them into a canvas for your art as well. Der Kritzler is a motorized plotter that can make this into a reality. It’s a laser-cut pen holder suspended from a pair belt pulleys. Those belts have counterweights, which make it easier for the [...]
-
-
16:01
»
Hack a Day
Why spend time etching circuit boards and applying solder masks when all you really need is a rollerball pen and some paper? That’s what University of Illinois professors [Jennifer Lewis and Jennifer Bernhard] were asking when they set off to research the possibility of putting conductive ink into a standard rollerball pen. The product of their [...]
-
-
19:14
»
Carnal0wnage
So first a disclaimer, i didnt listen to the referenced podcast, this is based solely of this blog post:
http://newschoolsecurity.com/2011/04/data-driven-pen-testsSo I’m listening to the “Larry, Larry, Larry” episode of the Risk Hose podcast, and Alex is talking about data-driven pen tests. I want to posit that pen tests are already empirical. Pen testers know what techniques work for them, and start with those techniques.
What we could use are data-driven pen test reports. “We tried X, which works in 78% of attempts, and it failed.”
We could also use more shared data about what tests tend to work.
Thoughts?
Dre's response to the post was surprising to me, he listed a bunch of tools that seem to do correlating of pentest results into a portal so you can trend over time. Cool idea, i'll give the people that. But to me when we start jumping into repeatable metrics driven stuff we are in Vulnerability Assessment land, not pentesting land.
Here is the comment I left:
I like the idea and i think it could be useful.However, they need to drop the pentest part. you are solidly into the vulnerability assessment part of things when you are talking about “ok, i tried 1,2,3,4,5 and 1 & 3 worked” ok on to the next set of tests… thats vulnerability assessment (with exploitation if you want to get technical) and not pentesting.
pentesting is about that human looking at the problem and figuring out how to break it, not some scanner, thats going to be very hard to standardize and put hard numbers on and i dont think its going to be possible without tying up your tester’s time with bullshit.
I'm all for "repeatable" pentests. You should have a methodology for each type of test, but when you are paying for human's time you should be paying for them to go after the site like a human would and not how a scanner would or not in a way where i'm worried about religiously following some checklist because if i don't the metrics get all fucked up. Your pentest should come after you have thrown the kitchen sink at it scanner wise.
as an added bonus this post was right below the new school post in my Google reader:
http://coding-insecurity.blogspot.com/2011/04/developing-good-methodology-part-3.htmlThis post and really any methodology document you will ever read or write will have gaps, because no document on this subject can ever really be 100% all inclusive of every vulnerability and the myriad of variations that exist for many of these.
I think it drives the point home as well.
-CG
-
-
5:04
»
Hack a Day
This shiny little box was made from a soda can. You don’t need much to pull this off; an aluminum can, sand paper, scissors, a ballpoint pen, a straight edge, and some time. The embossing is done with the tip of the pen, but there’s a bit of a trick to it. The designs are [...]
-
-
3:08
»
SecDocs
Authors:
Thomas Wilhelm Tags:
penetration testing Event:
PhreakNIC 11 Abstract: Currently, those interested in learning how to professionally conduct Information System Penetration Tests have very little options available to them - they can either illegally attack Internet-connected systems, or create their own PenTest Lab. For those who prefer to avoid legal complications, they really only have the last option - a lab. However, this can be a very complicated and expensive alternative. In addition, scenarios have to be created that actually represent real-world scenarios; for a beginner this is a Catch-22 since they don't yet have the experience to even know what these scenarios might look like, let alone design them in a challenging way. In order to provide a simply way for both beginners and experts to improve their skills in Penetration Testing, I have designed what is, in effect, a Turn-Key Pen Test Lab using LiveCDs and minimal equipment requirements. The LiveCDs each represent different scenarios that mimic real-world systems and services, which provide essential challenges to improve critical skills in the field of Pen Testing.
-
-
12:39
»
Hack a Day
The Agnewgraph I can turn out a pretty nice Spirograph drawing. Instead of relying on meticulously acurate CNC hardware, it uses a Spirograph stencil similiar to that business card we’re so fond of. The key to the [Mpark's] design is an analog joystick which is attached to the pen. As the pen follows the plastic [...]
-
-
7:39
»
Hack a Day
[Pete] has written up this in depth how-to on building a vacuum pick and place from an aquarium pump and a pen. The pump conversion to vacuum is extremely simple, with a slight modification to a valve being all that is necessary. The pen is only slightly more involved, but still extremely simple. This entire [...]
0day.today (was: 1337day, Inj3ct0r, 1337db) (159 unread)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Packet Storm Security Headlines
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution