Stream

 
Hello, is the #DevGuide project still alive? When will the new version be released?

Ole Aass

Discussion  - 
 
 
Migrating my blog brings back some fun memories. 
While searching around the web for new nifty tricks I stumbled across this post about how to get remote code execution exploiting PHP's mail() function. Update: After some further thinking and looking into this even more, I've found that my statement about this only being possible in really rare cases
 
New vlog series on how to do secure code reviews, first two episodes up:

https://www.youtube.com/playlist?list=PLMsh46O_B5Q9pPXPbxpTwr49VWLpPaixJ

In these two episodes, I discuss what the Application Security Verification Standard 3.0 is, and how to set up a virtual secure code review environment. Future episodes will go into engagement management, client communications, and then a deep dive into each ASVS requirement from a code review point of view.

Paweł Płocki

Cloud Security  - 
 
Man-in-the-Cloud (MITC) Attacks Developed to Hack Cloud Accounts http://www.hackinsight.org/news,422.html
Popular cloud storage services such as Google Drive and Dropbox can be abused by hackers running Man-in-the-Cloud (MITC) attacks.

Ole Aass

Projects  - 
 
 
This is a small script I made after I started with ROP. I found that I was constantly searching Google for information about instruction sets. After I found this website ( http://x86.renejeschke.de/ ) I decided to make a small script to look...Read more

Joe Pettit

Discussion  - 
 
A security researcher has published a zero-day vulnerability found in the newest versions of OS X Yosemite, apparently in protest at Apple's irresponsible behavior when it comes to patching its software for vulnerabilities.

By +David Bisson of +Tripwire, Inc. 
 
OWASP Top Ten Series: Code Injection

What is the vulnerability?

A Code Injection occurs when untrusted data is injected or manually entered into an input sent to an application or database. The untrusted data contains malicious code or input parameters that the target application is tricked into executing. This malicious code can often enable access to data that shouldn’t be displayed, or it can allow the calling of other external code that an attacker has full control over.
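As an added illustration of the post above (example code written for this page, not code from the OWASP post or any OWASP project), here is the classic shape of a code injection bug in Python: a "calculator" that hands untrusted input to eval(), beside a hardened version that parses the input into an AST and accepts only arithmetic nodes. The attacker string INJECTION is constructed for the demonstration; it is syntactically a valid expression, so input filtering based on "does it look like math" would not catch it.

```python
import ast
import operator

# Constructed example of the two sides of a code-injection bug. Not code
# from the OWASP post or any OWASP project.


def calc_unsafe(expr: str):
    """Vulnerable: eval() executes whatever Python the caller sends."""
    return eval(expr)  # deliberately vulnerable, kept for the demonstration


# Whitelist of operators the hardened evaluator may apply.
_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.USub: operator.neg,
}


def calc_safe(expr: str):
    """Hardened: parse to an AST and walk only arithmetic node types.

    Names, calls, attributes, subscripts and so on are rejected, so the
    evaluator cannot be steered into __import__ or any other builtin.
    """
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not an expression: {expr!r}") from exc

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


# Constructed attacker input: a valid Python expression that calls into
# the standard library. With eval() it runs; the AST walker rejects it.
INJECTION = "__import__('platform').python_version()"

if __name__ == "__main__":
    print(calc_unsafe("2 + 3 * 4"))
    print(calc_unsafe(INJECTION))  # attacker code ran: prints the interpreter version
    print(calc_safe("2 + 3 * 4"))
    try:
        calc_safe(INJECTION)
    except ValueError as err:
        print("rejected:", err)
```

The hardened version does not try to sanitise the string; it changes the trust boundary so that the only thing the application ever executes is its own whitelisted operator table. That is the general fix for this class of bug: do not pass untrusted data to an interpreter, and where a domain-specific language is genuinely needed, parse it and evaluate the parse tree yourself.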

Ole Aass

Discussion  - 
 
 
I have started recording myself doing challenges that I do not have proper knowledge about. This is to force myself to learn these things. So I figured recording myself making a complete fool out of myself would be a fun thing to do :)

If you don't feel like reading the blog article, you can view the list of videos here: http://oleaass.com/videos/exploit-exercises/
For a time now I’ve been thinking about recording myself while I work on solving different wargames, CTFs, etc. There’s more than one reason for this. One of them is that it’s a great way to document my progression. Another one is...Read more
 
Can I help?
 
We are looking for a Penetration Tester or Ethical Hacker with formally recognised penetration test qualifications such as CREST, CHECK, TIGER, Cyberscheme CSTME or CEH certification to join the team in London, UK. You may check the details and apply here: http://www.hackinsight.org/jobs,7.html

About this community

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Website: www.owasp.org

Joe Pettit

Discussion  - 
 
A former intern at FireEye has pleaded guilty to selling the Dendroid malware on the underground web forum Darkode.

+Tripwire, Inc. 

Gaurav Pawaskar

Discussion  - 
 
Some thoughts about input type password

Joe Pettit

Discussion  - 
 
Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-628 on Wednesday, August 12th.

+Tripwire, Inc. 

Joe Pettit

Discussion  - 
 
A security firm has released the results of an experiment that used a honeypot script named “GasPot” to determine the security threats facing gas tanks.

By +David Bisson of +Tripwire, Inc. 

Ole Aass

Discussion  - 
 
 
Created a scoreboards page which shows stats for CTFs, wargames, boot2roots, etc. that I am currently playing or have played

Paweł Płocki

Discussion  - 
 
The Metasploit Guide: Strike Faster and Smarter - New Hack Insight Release is out!

In this release the Hack Insight Team focused on the world's most used penetration testing software - Metasploit.

In this release you will read about Browser Autopwn 2 - Metasploit's new shiny weapon that reflects how hackers today carry out browser attacks against real targets, from amateur level to APT (Advanced Persistent Threat), which ultimately affects every user on the Internet both personally and financially.

Regarding hacking with Metasploit, we will cover the exploitation phase. This is the phase where we gain access to the target machine. We will go deeper into Metasploit, its commands and its features a bit later; this is a brief overview combined with an example to get you thinking about some of the things that you can do.

Moreover, you will read the Black Hat Hacking article "How to configure TOR in Kali Linux to access Deep Web". You will learn that while nowadays anyone can access the Deep Web, navigating the world beyond Google definitely requires know-how. Unlike the graphical, HTML-based "surface Web," no one is holding your hand in the Deep Web. The point is that it's not accessible; if you have to ask, you're not supposed to be there.

Get the full release here:
http://www.hackinsight.org/magazine/network-scanning,53.html

As always it is also available in Hack Insight Annual Subscription:
http://www.hackinsight.org/subscription.html

Enjoy!
Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. The platform includes the Metasploit Framework and its commercial counterparts: Metasploit Pro, Express, Community, and Nexpose Ultimate.

Joe Pettit

Discussion  - 
 
Inspired by past DEF CON villages and the knowledge that this year there will be an Internet of Things village run by ISE, Tripwire VERT began to investigate the possibility of creating our own travelling village.

+Tripwire, Inc. 
We’re excited to announce that we’ve made arrangements for our first village appearance at SecTor.

Alex HackMiami

Discussion  - 
 
Watch SecurityScorecard CEO Aleksander Yampolskiy shine light on the #NYSE outage live on #Fox Business News at 5pm - #breach #hackers #cyberwar
Watch Fox Business Network streaming live on the web.
 
We are in the last stretches of reviewing the OWASP Application Security Verification Standard 3.0, to be released at AppSec USA in September. If you are an application lead, lead developer, developer, tester, pen tester, code reviewer, or auditor, please review the draft here:

https://github.com/OWASP/ASVS/blob/master/OWASP%20Application%20Security%20Verification%20Standard%203.0.docx

We would also appreciate if you could pass this draft onto software engineers, practitioners, developers, CISOs, and architects.

Please log any discovered issues here:
https://github.com/OWASP/ASVS/issues

Bhargav Tandel

Discussion  - 
 
Burp Suite - Security Testing of Web Applications.
share(y)
http://bhargavtandel.com/?cat=73
Share This: Description: Burp Suite is an easy-to-use integrated platform for web application security. Burp includes multiple tools that are seamlessly integrated an...