Hey there web pentesting enthusiasts! For today’s post, I decided to share my very own lists of common vulnerable web applications that are built by man and tested by nature for web penetration testing and hacking: DVWA (Dam Vulnerable Web Application) – this vulnerable PHP/MySQL web app… http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/

OData is a new data access protocol that is being adopted by many major software manufacturers such as Microsoft, IBM, and SAP but hasn’t been publically explored in terms of security. OData aims to provide a consistent access mechanism for data access from a variety of sources including but not … http://www.toolswatch.org/2012/08/blackhat-arsenal-2012-releases-oyedata-v0-1-for-odata-protocol-assessments/

A post within the "straight to the meat" category : There was a talk at Defcon 20 entitled "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2", by Moxie and David Hulton – the talk announced the implementation of a tool that reduced the security of MS-CHAPv2 to the strength of a single … http://blog.zoller.lu/2012/08/what-you-need-to-know-about.html

We read in the papers the investigations around malware such as Stuxnet, Flame, Duqu and Mahdi. They are in the news daily with detailed code examples and methods of movement within the target information systems and devices. Anti-virus companies manage security firms and cyber security consultan… http://blogs.csoonline.com/security-industry/2295/transcript-video-flame-move-automated-cyber-espionage

Learning Goals: Practice WinDbg for Inspecting Kernel Data Structure • Use Packet Sniffer to Monitor Malware Network Activities • Understand Frequently Used Network Activities by Malware • Expose Hidden/Unreachable Control Flow of Malware Applicable to: Operating Syst… http://fumalwareanalysis.blogspot.kr/2012/08/malware-analysis-tutorial-31-exposing.html

MIRV (Metasploit’s Incident Response Vehicle) is a new tool (based on Metasploit’s meterpreter) which was created to address the perceived shortcomings in existing host-based incident response tools: they do not operate on large amounts of nodes, are difficult to get past change advisory boards t… http://www.toolswatch.org/2012/08/blackhat-arsenal-2012-releases-mirv-metasploits-incident-response-vehicle-released/

Kautilya is a toolkit and framework which allows usage of USB Human Interface Devices in Penetration Tests. The toolkit contains useful payloads and modules which could be used at different stages of a Penetration Test. Kautilya is tested with Teensy++ device but could be used with most of the HI… http://www.toolswatch.org/2012/08/blackhat-arsenal-2012-releases-kautilya-and-introducing-nishang-powershell-pentesting-scripts/

From MozillaWiki Jump to: navigation, search Inside Gaia everything is a Web Application, see Apps on MDN. When Gaia starts, the homescreen application is the first application displayed on the screen. The homescreen application reads all installed web applications and shows an icon for e… https://wiki.mozilla.org/Gaia/Hacking#ATTENTION_-_Desktop_builds_now_available

We have recently published an article (in Polish) about ransomware malware (mainly WheelsOf) spreading in Poland. This kind of ransomware was initally mentioned on the abuse.ch blog: https://www.abuse.ch/?p=3718. It demands 100 Euro or 500 PLN in order to unlock our computer. We also published a … Sent via Flipboard Enviado do tablet Samsung