background preloader

Projects - *ORA

Projects - *ORA
Overview | People | Sponsors | Publications | Hardware Requirements | Software | Training & Sample Data *ORA is a dynamic meta-network assessment and analysis tool developed by CASOS at Carnegie Mellon. It contains hundreds of social network, dynamic network metrics, trail metrics, procedures for grouping nodes, identifying local patterns, comparing and contrasting networks, groups, and individuals from a dynamic meta-network perspective. *ORA has been used to examine how networks change through space and time, contains procedures for moving back and forth between trail data (e.g. who was where when) and network data (who is connected to whom, who is connected to where …), and has a variety of geo-spatial network metrics, and change detection techniques. *ORA can handle multi-mode, multi-plex, multi-level networks. Based on network theory, social psychology, operations research, and management theory a series of measures of “criticality” have been developed at CMU. Related:  Cyber Situational Awareness

Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game May 28, 2012: A screenshot from researchers at Kaspersky Labs shows the code behind Flame, called "the most sophisticated cyber weapon yet unleashed."Kaspersky Labs The most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News -- the same one used to make the incredibly popular Angry Birds game. LUA is favored by game programmers because it’s easy to use and easy to embed. “The people who developed the malware … found an ingenious way to use a code not part and parcel of a hacker’s normal arsenal, and that made it harder to detect,” he told Fox News. 'They found an ingenious way to use a code not part of a hacker’s normal arsenal But this new weapon is twenty times the size of earlier cyberbombs and far more powerful, making it practically an army on its own, said Roel Schouwenberg, a senior security researcher with Kaspersky Labs. “Flame is a cyberespionage operation,” he told FoxNews.com.

Online BackTrack Security Training by Offensive Security The Creators of BackTrack have developed training that will take you through all aspects of a penetration test. Whether you are a seasoned penetration tester or just starting off, we have a course that can help you take your skills to the next level. Our online courses are designed to give you flexibility to work at your own pace. Our flagship course, Penetration Testing With Kali (PWB) will open your eyes to the skills needed to perform a penetration test from A to Z. After that you can move on to Cracking the Perimeter (CTP) – which focuses on exploitation using many of the skills you learned in the PWB class. Our courses are designed to work with a combination of our videos, pdf’s and a full lab environment. If you want to be a proffesional in the field, the way to go about it is to train in security penetration testing with the best.

Set up your own Pen-testing/Hacking Lab Network using a Single System | www The only thing to look for is your systems hardware configuration. You should have minimum 2 GB RAM but it is highly recommended to use 3 GB RAM for a 32 bit operating system. We will be using Oracle VirtualBox in this tutorial. You can download virtualbox from this link [Reference 1]. Once you have installed Vbox, the next step is to download the Extensions pack. You can get it from this link [Reference 2] Once you have followed these initial steps, you are half done.

BASH Programming - Introduction HOW-TO: Variables NextPreviousContents 5. Variables You can use variables as in any programming languages. There are no data types. You have no need to declare a variable, just assigning a value to its reference will create it. 5.1 Sample: Hello World! #! Line 2 creates a variable called STR and assigns the string "Hello World!" 5.2 Sample: A very simple backup script (little bit better) #! This script introduces another thing. Notice that in this script, the output filename will be different every day, due to the format switch to the date command(+%Y%m%d). Some more examples: echo ls echo $(ls) 5.3 Local variables Local variables can be created by using the keyword local. #! This example should be enought to show how to use a local variable.

Windows Tools For Penetration Testing Most penetration testers are using either a Mac or a Linux-based platform in order to perform their penetration testing activities.However it is always a good practice to have and a Windows virtual machine with some tools ready to be used for the engagement.The reason for this is that although Windows cannot be used as a main platform for penetration testing some of the utilities and tools can still help us to extract information from our windows targets.So in this post we will see some of the tools that we can use in our windows system. HashCheck Shell Extension The HashCheck Shell Extension makes it easy for anyone to calculate and verify checksums and hashes from Windows Explorer. In addition to integrating file checksumming functionality into Windows, HashCheck can also create and verify SFV files (and other forms of checksum files, such as .md5 files). Netcat Netcat is often referred to as a “Swiss-army knife for TCP/IP”. Metasploit Framework RealVNC Viewer GetIf Cain & Abel Wireshark

OSVDB | Everything is Vulnerable Security Affairs Same Origin Method Execution (SOME) is a new technique of attack against website presented by Ben Hayak, researcher at Trustwave, at Black Hat Europe in Amsterdam. The Same Origin Method Execution (SOME) attack method is related to JavaScript Object Notation with padding (JSONP) implementation, it allows a bad actor to impersonate the targeted user, and most concerning aspect of the attack is that the there is no need for user interaction if malicious code is served through a classic malvertising campaign. Be aware, if a domain is vulnerable to the attack, all its pages will result vulnerable. “Same Origin Method Execution” is a new technique that abuses JSONP in order to perform a limitless number of unintended actions on a website on behalf of users, by assembling a malicious set of timed frames and/or windows. The Same Origin Policy is a pillar of web application security model which is used to regulate the interaction between unrelated websites and third-party services.

European Centre for Information Policy and Security NetComber | Global Website Fingerprinting | Netcomber.com

Related: