Useful sites. Wiki GeekZ. Stolen Security. Security Research Forum. Google.

The Interconnected World of Growth Hackers. When startups are ready to scale, one challenge that often crops up is finding the right person to lead the growth charge.
Stage right: the growth hacker. A good growth hacker has a burning desire to connect a target market with a must-have solution, and everything they do is measured by their potential impact on scalable growth. Below is a chart of modern-day growth hackers and the companies they’ve helped to build. We show how many of these growth hackers are interconnected, and how there are natural groupings of growth hackers around certain company genres (Microsoft and Linkedin, for instance). (above paragraph adapted from a post by Sean Ellis)
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night. Welcome. Welcome to SecurityTube! Mac Hacking [dot] net - Knowledge Base. InterN0T - Underground Security Training. Stuxnet - Cyber Warfare.

The Best Hacking Tutorial Sites - Learn Legal Hacking - StumbleUpon. Written by: Daniel Robson • edited by: Aaron R. • updated: 2/13/2011

Whether it's to understand potential attack vectors or simply for the fun of it, learning the basics of hacking is something that a lot of people aspire to. Here's our list of the top tutorial-based hacking sites.

Introduction

Films like Swordfish and Hackers have made hacking seem cool, a lifestyle choice almost.
However, most techies know that in reality it's often a difficult and time-consuming process.

Request for Comments (RFC) Pages.

MD5 considered harmful today. The bytes 0 - 473 in the real certificate (the fields up to the modulus, and the first 5 bytes of the modulus field which are a predictable header) are pretty much fixed by CA requirements.
Those 474 bytes form the "chosen prefix" on the real certificate's side. For this certificate we chose to have a 2048 bit RSA key. The main reason for this size is the fact that we have to hide the collision block in there. Our collision construction method enables us to make collision blocks of 1632 bits, so 2048 seems a reasonable choice. Moreover 2048 bit RSA moduli are quite common, so no suspicion is raised. At the side of the rogue certificate we could not use the public key modulus for hiding the collision block.
To accomplish this, it was helpful that the subject Distinguished Name in the real certificate has considerable length, that can easily be stretched by choosing an appropriately sized Common Name. The Netscape Comment extension requires a header of 23 bytes.

Exploiting Unexploitable XSS. XSS that are protected by CSRF protection or where other mitigating factors are present are usually considered to be unexploitable or of limited exploitability.
This post details real-world examples of exploiting “unexploitable” XSS in Google and Twitter. While the XSS detailed in this post are site-specific, the methods that were used to exploit them could be applied to other websites with similar implementations. Alex’s (kuza55) Exploiting CSRF Protected XSS served as inspiration for this post.

Google

Google has services deployed across many different domains and subdomains and as a result requires a way to seamlessly authenticate members who are logged in to their Google Account. When called by a member who is logged in to their Google Account the URL generates an auth URL and redirects to the particular service.

Hacking.

Malicious Linux Commands -
From (This article was originally published in Ubuntu Forums but was removed there.
Ubuntuguide feels that knowledge about these risks is more important than any misguided attempts to "protect the public" by hiding their potential dangers or protect the (K)Ubuntu/Linux image. The original article has therefore been re-created (and subsequently edited) here.) ATTENTION: It is worthwhile to have some basic awareness about malicious commands in Linux. Always be cautious when running one of these (or similar) commands (or downloaded scripts) that have been "recommended" as a solution to a problem you may have with your computer.
Top 10 Web hacking techniques of 2010 revealed. Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting.
Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. That reduces the number of unknown bytes to a small enough number to be guessed. The developers of the hack -- Juliano Rizzo and Thai Duong -- have developed a tool for executing the hack.
Hacking and Security Articles / Tutorials / White Papers at HellBound Hackers. Twitter Tools. The Ethical Hacker Network. Hacked Gadgets - DIY Tech Blog. DARKSIDE RG. Zone-H.org - Unrestricted information. KaKaRoTo's Blog. Hexxeh's Blog - Home of…um, well, Hexxeh… Firesheep. Protect The Business - Enable Access. How to Hack: Ethical Hacking and Cyber Security.