

Topics - Neopal

1
Hacking and Security / Introducing OWASP Bricks
« on: February 20, 2013, 04:17:16 am »
Quote
OWASP Bricks is a web application security learning platform built on PHP and MySQL.



Quote
The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.




Currently there are four challenges available:
Challenge #1 - A simple log in page vulnerable to SQL injection.
Challenge #2 - A simple file upload page vulnerable to arbitrary file upload.
Challenge #3 - A normal content displaying page with an integer-based SQL injection vulnerability in the URL.
Challenge #4 - Another log in page.


Videos are available on the OWASP Bricks YouTube channel.



OWASP Bricks website: owasp.org/index.php/OWASP_Bricks
OWASP Bricks documentation: sechow.com/bricks/docs
Blog: owaspbricks.blogspot.com


Challenge #4 (Log in page #2) is open for the public at the moment of writing. All the previous challenges are solved and their docs and videos are available.


2
Found it on the Webs / What your browser tells about you?
« on: March 06, 2012, 11:57:24 am »



Quote
BrowserSpy.dk is the place where you can see just how much information your browser reveals about you and your system.






Website: http://browserspy.dk/


Found it on Galley

3
Found it on the Webs / Old versions of software
« on: March 05, 2012, 05:55:03 pm »
Old is Gold





Newer is not always better, but that's just one part of the story.
Old versions of software might suffer from vulnerabilities, and they can be a good starting point for beginners in the learning process.


OldApps.com - http://www.oldapps.com/
|
--- Windows - http://www.oldapps.com/
|
--- Linux - http://www.oldapps.com/linux/
|
--- Mac - http://mac.oldapps.com/


OldVersion.com - http://www.oldversion.com/
|
--- Windows - http://www.oldversion.com/
|
--- Linux - http://www.oldversion.com/linux/
|
--- Mac - http://www.oldversion.com/macintosh/
|
--- Games - http://www.oldversion.com/games/


OldWare.Org - http://www.oldware.org/


Old-Versions.Org - http://www.old-versions.org/


DownloadOldVersion - http://www.downloadoldversion.com/


 8)

4
Security Tools / BackTrack 5 R2 Released
« on: March 02, 2012, 04:15:28 pm »
BackTrack 5 R2 New Kernel, New Tools




Release notes: http://www.backtrack-linux.org/backtrack/backtrack-5-r2-released/

5
Security Tools / Hardanger - Web Application Penetration Testing Platform
« on: February 25, 2012, 06:29:12 pm »



Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.


Features:
Quote
Native Windows feel via Windows Presentation Foundation
Can run as a Fiddler2 add-on or standalone
ClickOnce installer with automatic updates (standalone version)
Context tab allowing inspection of full HTTP requests
Server fuzzer tab to configure and launch the server fuzzer
Basic random fuzzer generates random strings of UTF8 characters of random lengths
Non HTTP 200 detection engine
Results window keeping track of successful detections
Ability to review requests/responses in the results details window


http://hardanger.codeplex.com/

7
Android / Android Tamer
« on: February 21, 2012, 01:15:20 am »
Quote
Android Tamer is a one stop tool required to perform any kind of software operations on Android devices / applications / network.


http://atamer.anantshri.info/

8
Security Tools / Hack your router with RouterPwn.com
« on: February 20, 2012, 11:16:08 am »

Routerpwn.com is a web application that helps you in the exploitation of vulnerabilities in residential routers.


  • It is a compilation of ready to run local and remote web exploits.
  • Programmed in JavaScript and HTML in order to run in all "smart phones" and mobile internet devices.
  • It is only one page, so you can store it offline for local exploitation without internet connection.
  • You can change the destination IP by clicking on the [IP] link next to the exploit. To view more info on the exploit like the complete advisory and author you can click the link
Visit http://routerpwn.com/ now

9



Matriux is a popular security distribution based on Debian. A new version of it is now available: http://www.matriux.com/index.php?page=download



Even though there are no official statements made by Offensive Security, it is almost confirmed that the very next version of Backtrack 5 (called Backtrack 5 r2) is scheduled to be released in March.


A tweet from Devon Kearns (Offsec instructor, BackTrack developer, Exploit-DB admin and author) to Rob Fuller gives many more details about the release.


Quote
@mubix yep, R2 comes out March 1st. New kernel (3.2.4) will hit the repos a few days before that.
This version is to be called Backtrack 5 r2
It will get released in March and is actually scheduled to be released on March 1st
Kernel is going to be 3.2.4


You can see the tweet over here

11
http://www.youtube.com/watch?v=_Z9RQSnf8-g


The third episode in the OWASP Appsec Tutorial Series. This episode describes the #2 attack on the OWASP top 10 - Cross-Site Scripting (XSS). This episode illustrates three versions of an XSS attack: high level, detailed with the script tag, and detailed with no script tag, and then recommends resources for further learning.

12
Video Tutorials / OWASP Appsec Tutorial Series - Episode 2: SQL Injection
« on: February 07, 2012, 01:18:55 am »

http://www.youtube.com/watch?v=pypTYPaU7mM

The second episode in the OWASP Appsec Tutorial Series. This episode describes the #1 attack on the OWASP top 10 - injection attacks. This episode illustrates SQL Injection, discusses other injection attacks, covers basic fixes, and then recommends resources for further learning.

13
Video Tutorials / OWASP Appsec Tutorial Series - Episode 1: Appsec Basics
« on: February 05, 2012, 08:01:55 am »
http://www.youtube.com/watch?v=CDbWvEwBBxo

Quote
The first episode in the OWASP Appsec Tutorial Series. This episode describes what the series is going to cover, why it is vital to learn about application security, and what to expect in upcoming episodes.

14



Quote
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.


Visit IronWASP website for more.
