Sunday, March 31, 2013

Cold water training.

I have achieved my goal of 10 minutes in ice water thanks to Wim Hof's book Becoming the Iceman. I am pretty sure I will be at 30 minutes by next winter.

Saturday, February 23, 2013

I am constantly asking God how I can embrace His Glory and live my life to the fullest. I have noticed a trend in myself to be negative, cynical, a defeatist. It is so difficult to give over to God my fears and trust Him. I think challenging myself is a way I can embrace trusting Him.

Thursday, February 21, 2013


Links I like!! Capture the Flag/Wargames http://intruded.net/ http://intruded.net/ SmashTheStack Wargaming Network http://smashthestack.org/ flack & hkpco.kr http://flack.hkpco.kr/ HC's Capture the Flag site http://ctf.hcesperer.org/ The UCSB iCTF http://ictf.cs.ucsb.edu/ CTF Calendar http://capture.thefl.ag/calendar/ Cheat Sheets and Syntax Big Port DB | Cirt http://cirt.net/ports_dl.php?export=services Cheat Sheet : All Cheat Sheets in one page http://www.cheat-sheets.org/ Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/ Agile Hacking Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/ Command Line Kung Fu http://blog.commandlinekungfu.com/ Simple yet effective: Directory Bruteforcing http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/ The Grammar of WMIC http://isc.sans.edu/diary.html?storyid=2376 Windows Command-Line Kung Fu with WMIC http://isc.sans.edu/diary.html?storyid=1229 Windows CMD Commands http://ss64.com/nt/ running a command on every mac http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html Syn: Command-Line Ninjitsu http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html WMIC, the other OTHER white meat. 
http://www.zonbi.org/?p=253 Hacking Without Tools: Windows - RST http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst Pentesting Ninjitsu 1 http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507 [PenTester Scripting] http://www.pentesterscripting.com/ windows-scripting-COM-tricks http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583 Advanced-Command-Exploitation http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf OS & Scripts IPv4 subnetting reference - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/IPv4_subnetting_reference All the Best Linux Cheat Sheets http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/ SHELLdorado - Shell Tips & Tricks (Beginner) http://shelldorado.com/shelltips/beginner.html Linux Survival :: Where learning Linux is easy http://www.linuxsurvival.com/ BashPitfalls - Greg's Wiki http://mywiki.wooledge.org/BashPitfalls Rubular: a Ruby regular expression editor and tester http://rubular.com/ http://www.iana.org/assignments/port-numbers http://www.iana.org/assignments/port-numbers Useful commands for Windows administrators http://www.robvanderwoude.com/ntadmincommands.php Rubular: a Ruby regular expression editor http://rubular.com/ Tools netcat cheat sheet (ed skoudis) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf nessus/nmap (older) http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf hping3 cheatsheet http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf Nmap 5 (new) http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf MSF, Fgdump, Hping http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf Metasploit meterpreter cheat 
sheet reference http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html Netcat cheat sheet http://h.ackack.net/cheat-sheets/netcat Conferences Information Security Conferences Calendar https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK Distros BackTrack Linux http://www.backtrack-linux.org/ Matriux http://www.matriux.com/ nUbuntu http://www.nubuntu.org/ Samurai Web Testing Framework http://samurai.inguardians.com/ OWASP Live CD Project http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Pentoo https://pentoo.ch/ Katana http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html KON-BOOT http://www.piotrbania.com/all/kon-boot/ Welcome to Linux From Scratch! http://www.linuxfromscratch.org/ SUMO Linux http://sumolinux.suntzudata.com/ pentesting packages for ubuntu http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments BackBox Linux | Flexible Penetration Testing Distribution http://www.backbox.org/ Exploitation Intro Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code http://code.google.com/p/it-sec-catalog/wiki/Exploitation Myne-us: From 0x90 to 0x4c454554, a journey into exploitation. http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html Past, Present, Future of Windows Exploitation | Abysssec Security Research http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ Smash the Stack 2010 http://mariano-graziano.llab.it/docs/report.pdf The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit http://www.ethicalhacker.net/content/view/122/2/ x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html X86 Opcode and Instruction Reference http://ref.x86asm.net/index.html Exploits and Advisories .:[ packet storm ]:.
http://www.packetstormsecurity.org/ CVE - Common Vulnerabilities and Exposures (CVE) http://cve.mitre.org/ CVE security vulnerability database http://cvedetails.com/ NIST http://nvd.nist.gov/ Nullbyte.Org.IL http://www.nullbyte.org.il/Index.html OSVDB: The Open Source Vulnerability Database http://osvdb.org/ SecDocs IT Security and Hacking knowledge base http://secdocs.lonerunners.net/ Secunia.com http://secunia.com/ SecurityFocus http://www.securityfocus.com/bid SecurityForest http://www.securityforest.com/wiki/index.php/Main_Page The Exploit Database http://www.exploit-db.com/ Hacker Media Blogs worth it Carnal0wnage http://carnal0wnage.blogspot.com/ McGrew Security http://www.mcgrewsecurity.com/ Blog | GNUCITIZEN http://www.gnucitizen.org/blog/ Darknet http://www.darknet.org.uk/ spylogic.net http://www.spylogic.net/ TaoSecurity http://taosecurity.blogspot.com/ Room362.com http://www.room362.com/ SIPVicious http://blog.sipvicious.org/ PortSwigger.net http://blog.portswigger.net/ Blog - pentestmonkey.net http://pentestmonkey.net/blog/ Jeremiah Grossman http://jeremiahgrossman.blogspot.com/ omg.wtf.bbq. http://i8jesus.com/ Cатсн²² (in)sесuяitу http://blog.c22.cc/ SkullSecurity http://www.skullsecurity.org/blog/ Metasploit http://blog.metasploit.com/ Security and Networking http://www.darkoperator.com/ Skeptikal.org http://blog.skeptikal.org/ Digital Soapbox http://preachsecurity.blogspot.com/ tssci security http://www.tssci-security.com/ Blog - Gotham Digital Science http://www.gdssecurity.com/l/b/ Reiners’ Weblog http://websec.wordpress.com/ Bernardo Damele A. G. 
http://bernardodamele.blogspot.com/ Laramies Corner http://laramies.blogspot.com/ Attack and Defense Labs http://blog.andlabs.org/ Billy (BK) Rios http://xs-sniper.com/blog/ Common Exploits http://www.commonexploits.com/ extern blog SensePost; http://www.sensepost.com/blog/ Weapons of Mass Analysis http://wepma.blogspot.com/ Exploit KB http://exploit.co.il/ Security Reliks http://securityreliks.wordpress.com/ MadIrish.net http://www.madirish.net/index.html sirdarckcat http://sirdarckcat.blogspot.com/ Reusable Security http://reusablesec.blogspot.com/ Myne-us http://myne-us.blogspot.com/ www.notsosecure.com http://www.notsosecure.com/folder2/ SpiderLabs Anterior http://blog.spiderlabs.com/ Corelan Team | Peter Van Eeckhoutte (corelanc0d3r) http://www.corelan.be/ DigiNinja http://www.digininja.org/ Home Of PaulDotCom Security Podcast http://www.pauldotcom.com/ Attack Vector http://www.attackvector.org/ deviating.net http://deviating.net/ Alpha One Labs http://www.alphaonelabs.com/ SmashingPasswords.com http://www.smashingpasswords.com/ wirewatcher http://wirewatcher.wordpress.com/ gynvael.coldwind//vx.log http://gynvael.coldwind.pl/ Nullthreat Security http://www.nullthreat.net/ Archangel Amael's BT Tutorials http://archangelamael.blogspot.com/ memset's blog http://memset.wordpress.com/ ihasomgsecurityskills http://sickness.tor.hu/ punter-infosec http://punter-infosec.com/ Security Ninja http://www.securityninja.co.uk/ Security and risk http://securityandrisk.blogspot.com/ GRM n00bs http://www.grmn00bs.com/ Kioptrix http://www.kioptrix.com/blog/ ::eSploit:: http://esploit.blogspot.com/ PenTestIT — Your source for Information Security Related information! 
http://www.pentestit.com/ Forums BackTrack Forums http://www.backtrack-linux.org/forums/ EliteHackers.info http://www.elitehackers.info/forums/ InterN0T forum http://forum.intern0t.net/ Government Security http://www.governmentsecurity.org/forum/ Hack This Site Forum http://www.hackthissite.org/forums/index.php iExploit Hacking Forum http://www.iexploit.org/ Security Override http://securityoverride.com/forum/index.php bright-shadows.net http://bright-shadows.net/ ethicalhacker.net http://www.ethicalhacker.net/ sla.ckers.org http://sla.ckers.org/forum/index.php Magazines (IN)SECURE Magazine http://www.net-security.org/insecuremag.php http://hakin9.org/ http://hakin9.org/ Video The Hacker News Network http://www.hackernews.com/ Security Tube http://www.securitytube.net/ Irongeek -Hacking Illustrated http://www.irongeek.com/i.php?page=videos/aide-winter-2011 SecCon Archive http://avondale.good.net/dl/bd/ 27c3-stream/releases/mkv http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/ YouTube - ChRiStIaAn008's Channel http://www.youtube.com/user/ChRiStIaAn008 YouTube - HackingCons's Channel http://www.youtube.com/user/HackingCons Labs ISO's / VMs Web Security Dojo http://sourceforge.net/projects/websecuritydojo/ OWASP Broken Web applications Project http://code.google.com/p/owaspbwa/wiki/ProjectSummary Pentest Live CDs http://heorot.net/livecds/ NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/ :: moth - Bonsai Information Security :: http://www.bonsai-sec.com/en/research/moth.php Metasploit: Introducing Metasploitable http://blog.metasploit.com/2010/05/introducing-metasploitable.html Holynix pen-test distribution http://pynstrom.net/holynix.php WackoPico http://gnacktrack.co.uk/download.php LAMPSecurity http://sourceforge.net/projects/lampsecurity/files/ Hacking-Lab.com LiveCD http://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html Virtual Hacking Lab http://sourceforge.net/projects/virtualhacking/files/ Badstore.net http://www.badstore.net/ 
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Damn Vulnerable Web App - DVWA http://www.dvwa.co.uk/ The ButterFly - Security Project http://sourceforge.net/projects/thebutterflytmp/ pWnOS about:blank Vulnerable Software Old Version Downloads - OldApps.com http://www.oldapps.com/ OldVersion.com http://www.oldversion.com/ Web Application exploits, php exploits, asp exploits http://www.exploit-db.com/webapps/ wavsep - Web Application Vulnerability Scanner Evaluation Project http://code.google.com/p/wavsep/downloads/list OWASP SiteGenerator - OWASP http://www.owasp.org/index.php/Owasp_SiteGenerator Hacme Books | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Casino v1.0 | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Shipping | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Travel | McAfee Free Tools http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Test Sites Test Site http://www.webscantest.com/ CrackMeBank Investments http://crackme.cenzic.com/Kelev/view/home.php http://zero.webappsecurity.com http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com acublog news http://testaspnet.vulnweb.com/ acuforum forums http://testasp.vulnweb.com/ Home of Acunetix Art http://testphp.vulnweb.com/ Altoro Mutual http://demo.testfire.net/ NT OBJECTives http://hackme.ntobjectives.com/ Methodologies Penetration Testing Framework http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html The Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page Web Application Security Consortium (WASC) http://www.webappsec.org/projects/threat/ OWASP top 10 http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 
social-engineer.org http://www.social-engineer.org/ misc/unsorted http://www.ikkisoft.com/stuff/SMH_XSS.txt http://www.ikkisoft.com/stuff/SMH_XSS.txt XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter What The Fuck Is My Information Security Strategy? http://whatthefuckismyinformationsecuritystrategy.com/ OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4 http://video.google.com/videoplay?docid=4379894308228900017&q=owasp# DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec# extern blog SensePost; http://www.sensepost.com/blog/4552.html Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210 Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/410 black-box-scanners-dimva2010.pdf (application/pdf Object) http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object) http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ MitM Introduction to dsniff - GIAC Certified Student Practical http://www.giac.org/certified_professionals/practicals/gsec/0810.php dsniff-n-mirror.pdf (application/pdf Object) http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf dsniff.pdf (application/pdf Object) http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf A Hacker's Story: Let me tell you just how easily I can 
steal your personal data - Techvibes.com http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data ECCE101.pdf (application/pdf Object) http://www.mindcenter.net/uploads/ECCE101.pdf 3.pdf (application/pdf Object) http://toorcon.org/pres12/3.pdf Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object) http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf cracking-air.pdf (application/pdf Object) http://packetstormsecurity.org/papers/wireless/cracking-air.pdf bh-europe-03-valleri.pdf (application/pdf Object) http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf Costa.pdf (application/pdf Object) http://www.oact.inaf.it/ws-ssri/Costa.pdf defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object) http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf Live_Hacking.pdf (application/pdf Object) http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf PasstheParcel-MITMGuide.pdf (application/pdf Object) http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf 2010JohnStrandKeynote.pdf (application/pdf Object) http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf 18.Ettercap_Spoof.pdf (application/pdf Object) http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf Fun With EtterCap Filters.pdf (application/pdf Object) http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf The_Magic_of_Ettercap.pdf (application/pdf Object) http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf arp_spoofing.pdf (application/pdf Object) http://articles.manugarg.com/arp_spoofing.pdf Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object) 
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf ICTSecurity-2004-26.pdf (application/pdf Object) http://www.ucci.it/docs/ICTSecurity-2004-26.pdf ettercap_Nov_6_2005-1.pdf (application/pdf Object) http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf MadIrish.net Mallory is More than a Proxy http://www.madirish.net/?article=470 Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers http://www.ustream.tv/recorded/12777183 OSINT Presentations Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/ Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%e2%80%93-part-2-blogs-message-boards-and-metadata/ Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/ Tactical Information Gathering http://www.slideshare.net/Laramies/tactical-information-gathering document_metadata_the_silent_killer__32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974 footprinting - passive information gathering before a pentest http://infond.blogspot.com/2010/05/toturial-footprinting.html People and Organizational spokeo.com - People Search http://www.spokeo.com/ 123people.com http://www.123people.com/ Spoke.com - Business Directory http://www.spoke.com/ Business Network - Social Network for Business Professionals http://www.xing.com/ ZoomInfo http://zoominfo.com/ Pipl - People Search http://pipl.com/ Free People Search by ZabaSearch!
http://www.zabasearch.com/ Free People Finder and Company Search | SearchBug http://www.searchbug.com/default.aspx Free People Search http://skipease.com/ Addictomatic: Inhale the Web http://addictomatic.com/ Real Time Search - Social Mention http://socialmention.com/ EntityCube http://entitycube.research.microsoft.com/ yasni.com | No. 1 free people search - Find anyone on the web http://www.yasni.com/ Tweepz.com - search, find and discover interesting people on twitter http://tweepz.com/ TweepSearch :: Twitter Profile and Bio Search http://tweepsearch.com/ Glassdoor.com - Company Salaries and Reviews http://www.glassdoor.com/index.htm Jigsaw Business Contact Directory http://www.jigsaw.com/ Full Text Search http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp TinEye Reverse Image Search http://www.tineye.com/ PeekYou http://www.peekyou.com/ PicFog - Quick Image Search http://picfog.com/ Twapper Keeper - "We save tweets" - Archive Tweets http://twapperkeeper.com/index.php White Pages | Email Lookup | People Find Tools at The Ultimates http://theultimates.com/ Infrastructure Netcraft Uptime Survey http://uptime.netcraft.com/ SHODAN - Computer Search Engine http://www.shodanhq.com/ Domain Tools: Whois Lookup and Domain Suggestions http://www.domaintools.com/ Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger http://centralops.net/co/ http://hackerfantastic.com/ http://hackerfantastic.com/ WHOIS and Reverse IP Service http://whois.webhosting.info/ MSN IP Search javascript:document.location%20=%20'http://ha.ckers.org/weird/ipsearch.cgi?'%20+%20document.domain SSL Labs - Projects / Public SSL Server Database - SSL Server Test https://www.ssllabs.com/ssldb/analyze.html MyIPNeighbors Reverse IP Lookup http://www.my-ip-neighbors.com/ Google Hacking Database, GHDB, Google Dorks http://www.exploit-db.com/google-dorks/ Domain - reports and all about ips, networks and dns http://www.serversniff.net/index.php net toolkit::index
http://clez.net/ IHS | GHDB http://www.hackersforcharity.org/ghdb/ Passwords and Hashes Password Exploitation Class http://www.irongeek.com/i.php?page=videos/password-exploitation-class Default Passwords Database http://cirt.net/passwords Sinbad Security Blog: MS SQL Server Password Recovery http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html Foofus Networking Services - Medusa::SMBNT http://www.foofus.net/~jmk/medusa/medusa-smbnt.html LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff http://www.foofus.net/?page_id=63 MD5 Crackers | Password Recovery | Wordlist Downloads http://hashcrack.blogspot.com/ Password Storage Locations For Popular Windows Applications http://www.nirsoft.net/articles/saved_password_location.html Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator http://www.onlinehashcrack.com/ Requested MD5 Hash queue http://www.md5this.com/list.php? Virus.Org http://www.virus.org/default-password Default Password List http://www.phenoelit-us.org/dpl/dpl.html Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html Wordlists "Crack Me If You Can" - DEFCON 2011 http://contest.korelogic.com/wordlists.html Packet Storm Word Lists http://packetstormsecurity.org/Crackers/wordlists/ Passwords - SkullSecurity http://www.skullsecurity.org/wiki/index.php/Passwords Index of /passwd/passwords http://www.ericheitzman.com/passwd/passwords/ Pass the Hash pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283 crack-pass-hash_33219 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219 Reverse Engineering & Malware TiGa's IDA Video Tutorial Site http://www.woodmann.com/TiGa/idaseries.html Binary Auditing 
http://www.binary-auditing.com/ http://visi.kenshoto.com/ http://visi.kenshoto.com/ radare http://www.radare.org/y/ Offensive Computing | Community Malicious code research and analysis http://www.offensivecomputing.net/ Tools OSINT Edge-Security - theHarvester- Information Gathering http://www.edge-security.com/theHarvester.php DNSTRACER man-page http://www.mavetju.org/unix/dnstracer-man.php Maltego 3 http://www.paterva.com/web5/ Metadata document-metadata-silent-killer_32974 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974 [strike out] http://lcamtuf.coredump.cx/strikeout/ ExifTool by Phil Harvey http://www.sno.phy.queensu.ca/~phil/exiftool/ Edge-Security - Metagoofil - Metadata analyzer - Information Gathering http://www.edge-security.com/metagoofil.php Security and Networking - Blog - Metadata Enumeration with FOCA http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html Google Hacking Midnight Research Labs - SEAT http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads Google Hacking Diggity Project « Stach & Liu http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ dorkScan.py http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html Web BeEF http://www.bindshell.net/tools/beef BlindElephant Web Application Fingerprinter http://blindelephant.sourceforge.net/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/ RIPS | Download RIPS software for free at SourceForge.net http://sourceforge.net/projects/rips-scanner/ http://www.divineinvasion.net/authforce/ http://www.divineinvasion.net/authforce/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#sotf Browser_Exploitation_for_Fun&Profit http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf Using sqid (SQL Injection Digger) to look for SQL Injection 
http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html pinata-CSRF-tool http://code.google.com/p/pinata-csrf-tool/ XSSer: automatic tool for pentesting XSS attacks against different applications http://xsser.sourceforge.net/#intro Clickjacker http://www.contextis.co.uk/resources/tools/clickjacking-tool/ unicode-fun.txt ≈ Packet Storm http://packetstormsecurity.org/files/view/69896/unicode-fun.txt WebService-Attacker http://sourceforge.net/projects/ws-attacker/files/ Attack Strings fuzzdb - Project Hosting on Google Code http://code.google.com/p/fuzzdb/ OWASP Fuzzing Code Database - OWASP http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements Shells SourceForge.net: Yokoso! http://sourceforge.net/projects/yokoso/ AJAX/PHP Command Shell http://sourceforge.net/projects/ajaxshell/ Scanners w3af - Web Application Attack and Audit Framework http://w3af.sourceforge.net/ skipfish - Project Hosting on Google Code http://code.google.com/p/skipfish/ sqlmap: automatic SQL injection tool http://sqlmap.sourceforge.net/ SQID - SQL Injection digger http://sqid.rubyforge.org/#next http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code http://code.google.com/p/fimap/wiki/WindowsAttack fm-fsf - Project Hosting on Google Code http://code.google.com/p/fm-fsf/ Websecurify http://www.websecurify.com/ News :: Arachni - Web Application Security Scanner Framework http://arachni.segfault.gr/news rfiscan ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/rfiscan2.py.txt lfi-rfi2 scanner ≈ Packet Storm http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt inspathx – Tool For Finding Path Disclosure Vulnerabilities http://www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/ DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm 
http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz Proxies Burp fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object) http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214 Constricting the Web: The GDS Burp API - Gotham Digital Science http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/ Browse Belch - Burp External Channel v1.0 Files on SourceForge.net http://sourceforge.net/projects/belch/files/ Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools w3af in burp http://blog.ombrepixel.com/ Attack and Defense Labs - Tools http://andlabs.org/tools.html#dser burp suite tutorial - English http://feoh.tistory.com/22 Moses Pelham http://www.facebook.com/mosespelham SensePost - reDuh - HTTP Tunneling Proxy http://www.sensepost.com/labs/tools/pentest/reduh OWASP WebScarab NG Project - OWASP http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight http://intrepidusgroup.com/insight/mallory/ Fiddler Web Debugger - A free web debugging tool http://www.fiddler2.com/fiddler2/ Watcher: Web security testing tool and passive vulnerability scanner http://websecuritytool.codeplex.com/documentation?referringTitle=Home X5S http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1 koto/squid-imposter - GitHub https://github.com/koto/squid-imposter Social Engineering Social Engineering Toolkit http://www.secmaniac.com/ Password Ncrack http://nmap.org/ncrack/ Medusa http://www.foofus.net/jmk/medusa/medusa.html JTR http://www.openwall.com/john/ Ophcrack http://ophcrack.sourceforge.net/ keimpx in action | 0x3f 
http://blog.0x3f.net/tool/keimpx-in-action/ keimpx - Project Hosting on Google Code http://code.google.com/p/keimpx/ hashkill http://sourceforge.net/projects/hashkill/ Metasploit markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code http://code.google.com/p/msf-hack/wiki/WmapNikto markremark: Metasploit Visual Basic Payloads in action http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html Metasploit Mailing List http://seclists.org/metasploit/ PaulDotCom: Archives http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html OpenSSH-Script for meterpreter available ! http://meterpreter.illegalguy.hostzi.com/ Metasploit: Automating the Metasploit Console http://blog.metasploit.com/2010/03/automating-metasploit-console.html 561 http://www.workrobot.com/sansfire2009/561.html Deploying Metasploit as a Payload on a Rooted Box Tutorial http://securitytube.net/Deploying-Metasploit-as-a-Payload-on-a-Rooted-Box-video.aspx Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download SecTor 2010 - HD Moore - Beyond Exploits on Vimeo http://vimeo.com/16852783 XLSinjector « Milo2012's Security Blog http://milo2012.wordpress.com/2009/09/27/xlsinjector/ Armitage - Cyber Attack Management for Metasploit http://www.fastandeasyhacking.com/ Nsploit http://trac.happypacket.net/ neurosurgery-with-meterpreter http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf (automating msf) UAV-slides.pdf http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf MSF Exploits or Easy Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12204 Tenable Network Security 
http://www.nessus.org/plugins/index.php?view=single&id=11413 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18021 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26918 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34821 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22194 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34476 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=25168 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19408 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21564 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10862 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26925 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=29314 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=23643 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12052 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=34477 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15962 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=42106 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=15456 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=21689 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12205 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=22182 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26919 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=26921 Tenable Network Security 
http://www.nessus.org/plugins/index.php?view=single&id=21696 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=40887 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10404 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=18027 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=19402 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=11790 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=12209 Tenable Network Security http://www.nessus.org/plugins/index.php?view=single&id=10673 NSE Nmap Scripting Engine Primer Tutorial http://securitytube.net/Nmap-Scripting-Engine-Primer-video.aspx NSEDoc Reference Portal http://nmap.org/nsedoc/ Net Scanners & Scripts Nmap http://nmap.org/ Information Gathering With Nmap « Penetration Testing Lab http://pentestlab.wordpress.com/2013/02/16/information-gathering-with-nmap/?goback=%2Egde_4217258_member_214808738 sambascan2 - SMB scanner http://asturio.gmxhome.de/software/sambascan2/i.html SoftPerfect Network Scanner http://www.softperfect.com/products/networkscanner/ OpenVAS http://www.openvas.org/ Nessus Community | Tenable Network Security http://tenable.com/products/nessus Nexpose Community | Rapid7 http://www.rapid7.com/vulnerability-scanner.jsp Retina Community http://www.eeye.com/products/retina/community Post Exploitation http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py Metacab | PHX2600 http://www.phx2600.org/archive/2008/08/29/metacab/ Netcat Re: Your favorite Ncat/nc/Netcat trick? 
- ReadList.com http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html ads.pdf (application/pdf Object) http://www.radarhack.com/tutorial/ads.pdf Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object) http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf netcat_cheat_sheet_v1.pdf (application/pdf Object) http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf socat http://www.dest-unreach.org/socat/ NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World http://www.antionline.com/archive/index.php/t-230603.html Netcat tricks « Jonathan’s Techno-tales http://technotales.wordpress.com/2009/06/14/netcat-tricks/ Nmap Development: Re: Your favorite Ncat/nc/Netcat trick? http://seclists.org/nmap-dev/2009/q1/581 Few Useful Netcat Tricks « Terminally Incoherent http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/ Skoudis_pentestsecrets.pdf (application/pdf Object) http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf Cracked, inSecure and Generally Broken: Netcat http://gse-compliance.blogspot.com/2008/07/netcat.html Ncat for Netcat Users http://junker.org/~tkh16/ncat-for-netcat-users.php Source Inspection Graudit - Just Another Hacker http://www.justanotherhacker.com/projects/graudit.html javasnoop - Project Hosting on Google Code http://code.google.com/p/javasnoop/ Firefox Addons David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8 OSVDB :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/osvdb/ Packet Storm search plugin. 
:: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/ Default Passwords - CIRT.net :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/ Offsec Exploit-db Search :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/ OVAL repository search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/ CVE ® dictionary search plugin :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/ HackBar :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/hackbar/ Tool Listings .:[ packet storm ]:. - tools http://www.packetstormsecurity.org/tools100.html Security and Hacking Tools http://tools.securitytube.net/index.php?title=Main_Page Training/Classes Sec / Hacking Penetration Testing and Vulnerability Analysis - Home http://pentest.cryptocity.net/ Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/network-sniffers-class CNIT 124: Advanced Ethical Hacking -- Sam Bowne http://samsclass.info/124/124_Sum09.shtml CS 279 - Advanced Topics in Security http://www.cs.ucsb.edu/~vigna/courses/cs279/ CS142 Web Programming and Security - Stanford http://crypto.stanford.edu/cs142/ CS155 Computer and Network Security - Stanford http://crypto.stanford.edu/cs155/ CSE 227: Computer Security - UCSD http://cseweb.ucsd.edu/classes/wi09/cse227/ CS 161: Computer Security - UC Berkeley http://www-inst.eecs.berkeley.edu/~cs161/sp11/ Security Talks - UCLA http://security.ucla.edu/pages/Security_Talks CSCI 4971 Secure Software Principles - RPI http://www.cs.rpi.edu/academics/courses/spring10/csci4971/ MCS 494 UNIX Security Holes http://cr.yp.to/2004-494.html Software Security - CMU http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/ T-110.6220 Special Topics in Infosec 
-TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot Sec and Infosec Related - MIT http://stuff.mit.edu/iap/2009/#websecurity Metasploit Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/ Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos) http://www.irongeek.com/i.php?page=videos/metasploit-class Metasploit Megaprimer 300+ mins of video http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/ Metasploit Tips and Tricks - Ryan Linn http://vimeo.com/16925188 OffSecOhioChapter, Metasploit Class2 - Part1 http://www.ustream.tv/recorded/13396511 OffSecOhioChapter, Metasploit Class2 - Part2 http://www.ustream.tv/recorded/13397426 OffSecOhioChapter, Metasploit Class2 - Part3 http://www.ustream.tv/recorded/13398740 Programming Python Google's Python Class - Google's Python Class - Google Code http://code.google.com/edu/languages/google-python-class/index.html Python en:Table of Contents - Notes http://www.swaroopch.com/notes/Python_en:Table_of_Contents TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! 
» Python http://www.thenewboston.com/?cat=40&pOpen=tutorial Python Videos, Tutorials and Screencasts http://showmedo.com/videotutorials/python Learning Python Programming Language Through Video Lectures - good coders code, great reuse http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/ Ruby Video Tutorials - Technology Demonstrations - tekniqal.com http://www.tekniqal.com/ Other/Misc CS490 Windows Internals http://www.cs.sjtu.edu.cn/~kzhu/cs490/ T-110.6220 Lectures - Noppa - TKK https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/ Index of /edu/training/ss/lecture/new-documents/Lectures http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/ InfoSec Resources http://resources.infosecinstitute.com/ Robert Hansen on Vimeo http://vimeo.com/user2720399 Web Vectors SQLi MSSQL Injection Cheat Sheet - pentestmonkey.net http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/ SQL Injection Cheat Sheet http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ EvilSQL Cheatsheet http://www.evilsql.com/main/index.php RSnake SQL Injection Cheatsheet http://ha.ckers.org/sqlinjection/ Mediaservice.net SQLi Cheatsheet http://lab.mediaservice.net/notes_more.php?id=MSSQL MySQL Injection Cheat Sheet http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/ Full MSSQL Injection PWNage http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html MS Access SQL Injection Cheat Sheet » krazl - ™ ķЯαž£ ™ - bloggerholic http://www.krazl.com/blog/?p=3 MS Access SQL Injection Cheat Sheet http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html Penetration Testing: Access SQL Injection http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html Testing for MS Access - OWASP http://www.owasp.org/index.php/Testing_for_MS_Access Security Override - Articles: The Complete Guide to SQL Injections 
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections Obfuscated SQL Injection attacks http://isc.sans.edu/diary.html?storyid=9397 Exploiting hard filtered SQL Injections « Reiners’ Weblog http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ SQL Injection Attack http://sqlzoo.net/hack/ YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009 http://www.youtube.com/watch?v=WkHkryIoLD0 Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object) http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf Joseph McCray SQL Injection http://vimeo.com/3418947 sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion http://sla.ckers.org/forum/read.php?24,33903 sqli2.pdf (application/pdf Object) http://websec.files.wordpress.com/2010/11/sqli2.pdf SQL Server Version - SQLTeam.com http://www.sqlteam.com/article/sql-server-versions Overlooked SQL Injection 20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/Overlooked%20SQL%20Injection%2020071021.pdf SQLInjectionCommentary20071021.pdf (application/pdf Object) http://www.securityexperiment.com/se/documents/SQLInjectionCommentary20071021.pdf uploadtricks bypassing upload file type - Google Search http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972 Skeptikal.org: Adobe Responds... Sort Of http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html Secure File Upload in PHP Web Applications | INSIC DESIGNS http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/ Stupid htaccess Tricks • Perishable Press http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Tricks and Tips: Bypassing Image Uploaders. 
- By: t3hmadhatt3r http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/ Security FCKeditor ADS File Upload Vulnerability - Windows Only http://www.ravenphpscripts.com/article2974.html Cross Site Scripting scanner – Free XSS Security Scanner http://www.acunetix.com/cross-site-scripting/scanner.htm VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634) http://www.vupen.com/english/advisories/2009/3634 Uploading Files Using the File Field Control http://msdn.microsoft.com/en-us/library/aa478971.aspx TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project http://dev.tangocms.org/issues/237 Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability http://seclists.org/fulldisclosure/2006/Jun/508 Cross-site File Upload Attacks | GNUCITIZEN http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/ TikiWiki jhot.php Script File Upload Security Bypass Vulnerability http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html FileUploadSecurity - SH/SC Wiki http://shsc.info/FileUploadSecurity LFI/RFI http://pastie.org/840199 http://pastie.org/840199 Exploiting PHP File Inclusion – Overview « Reiners’ Weblog http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ LFI..Code Exec..Remote Root! 
http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter Local File Inclusion – Tricks of the Trade « Neohapsis Labs http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/ Blog, When All You Can Do Is Read - DigiNinja http://www.digininja.org/blog/when_all_you_can_do_is_read.php XSS The Anatomy of Cross Site Scripting http://www.infosecwriters.com/hhworld/hh8/csstut.htm Whitepapers - www.technicalinfo.net http://www.technicalinfo.net/papers/CSS.html Cross-Site Scripting (XSS) – no script required - Tales from the Crypto http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object) https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf sirdarckcat: Our Favorite XSS Filters and how to Attack them http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html Filter Evasion – Houdini on the Wire « Security Aegis http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/ HTML5 Security Cheatsheet http://heideri.ch/jso/#javascript XSS - Cross Site Scripting http://www.reddit.com/r/xss/ sla.ckers.org web application security forum :: XSS Info http://sla.ckers.org/forum/list.php?2 [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium http://www.webappsec.org/projects/articles/071105.shtml What's Possible with XSS? 
http://www.12robots.com/index.cfm/2010/9/14/Whats-Possible-with-XSS--Security-Series-81 Coldfusion ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+gnucitizen+%28GNUCITIZEN%29&utm_content=Twitter Attacking ColdFusion. | Sigurnost i zastita informacija http://zastita.com/02114/Attacking_ColdFusion..html Attacking ColdFusion http://www.nosec.org/2010/0809/629.html HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object) http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com http://carnal0wnage.attackresearch.com/node/436?utm_source=twitterfeed&utm_medium=twitter Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console http://r00tsec.blogspot.com/2011/03/pr10-08-various-xss-and-information.html SharePoint The Ethical Hacker Network - Pen Testing Sharepoint http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678 Lotus Lotus Notes/Domino Security - David Robert's -castlebbs- Blog http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security Penetration Testing: Re: Lotus Notes http://seclists.org/pen-test/2002/Nov/43 Hacking Lotus Domino | SecTechno http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+Sectechno+%28SecTechno%29&utm_content=Twitter jboss Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object) http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf Minded Security 
Blog: Good Bye Critical Jboss 0day http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html vmware web Metasploit Penetration Testing Framework - Module Browser http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav Oracle appserver hideaway [dot] net: Hacking Oracle Application Servers http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html Testing for Oracle - OWASP http://www.owasp.org/index.php/Testing_for_Oracle OraScan http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx NGSSQuirreL for Oracle http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx hpoas.pdf (application/pdf Object) http://www.ngssoftware.com/papers/hpoas.pdf SAP Onapsis | Research Labs http://www.onapsis.com/research.html#bizploit '[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC http://marc.info/?l=john-users&m=121444075820309&w=2 Phenoelit SAP exploits http://www.phenoelit-us.org/whatSAP/index.html Wireless pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting http://code.google.com/p/pyrit/ Certified Ethical Hacker Video CBT http://www.w1zsec.info/ceh/

Thursday, February 14, 2013

Windows

I hate Windows....that is all.

Freedom!!!

So it interests me to see how individuals (I say that because I do not want to categorize everyone) resist personal responsibility. This happens in the church also, and it rears its head through the ideology of predestination. I will not go into detail as to the debate on predestination, nor do I feel qualified to engage in such a debate. What does interest me is the idea that I choose how I respond to daily issues.

As some of you know (no more than 500 according to Google), I write about my personal life and projects and entertain my narcissism, believing that others find my blog interesting. Recently I made a post about my cold weather running and cold water baths and how determination can allow humans to do so much more. Well, this sparked a debate as to the fact that only God's determination allows us to do what we do. Well, I call shenanigans (is that the right word?). Yes, I know about Ephesians 1 and many other scriptures in the Bible. What about "This only have I found: God made mankind upright, but men have gone in search of many schemes." (Ecclesiastes 7:29 NIV) or "...Whatever happens, conduct yourselves in a manner worthy of the gospel of Christ..." (Philippians 1:27 NIV)?

Josh McDowell had the following to say about creation, evil, and God’s love for us: The Scriptures make it plain that God did not create the world in the state in which it is now, but evil came as a result of the selfishness of man. The Bible says that God is a God of love and He desired to create a person and eventually a race that would love Him. But genuine love cannot exist unless freely given -- through free choice God allows us to accept His love or to reject it.

I feel that God created man good and we choose evil. Thus sickness and other things are not part of God's original plan; exploration and determination and curiosity about the nature of humanity are. My desire to know God more personally will always be my desire.

Monday, February 4, 2013

40 degree bath

Today I took a 40 degree bath. I filled up the tub with snow and ice cubes and got in. Wow is all I can say!!! It was very difficult to control my breathing and concentrate on warming my body. My toes went numb very quickly and my legs turned really red. Overall it was a success! Took a cold shower afterwards. The one thing I have noticed is how drained I feel afterwards.

Cold Weather training

So, I haven't blogged in a little while and wanted to start again. I have still been doing Security, and you will still see some blogs on my research and my discoveries; however, I also wanted to include some other training that I have been doing. I recently read a book by Wim Hof called Becoming the Iceman. It's the journey of Wim Hof as he tells his story of being able to do minimalist running in extreme cold. Being a minimalist runner myself, I decided to begin doing some of the exercises and meditation he talks about in his book. Well, for two days in a row I have run with my Vibrams, a t-shirt and shorts in 28 degree weather. So my guess is the training is working. I also have been doing cold water baths to build up my immune system and prepare me for colder temperatures. I will let you know how it continues.