background preloader

Hacking, Security Papers.

Hacking, Security Papers.

http://www.insecure.in/papers_03.asp

Related:  Tools: Security - Forensics - Pentesting - Ethical HackingInbox

Top 15 Open Source. Free Security. Tools. 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

Crack/Keygen Sites That Are Safe To Use Blindly searching the web for cracks & keygens is about as smart as using Limewire to search for antivirus software - something not well-advised. Undoubtedly and unfortunately, the number of crack sites with overtones of a malicious agenda heavily outweigh sites that just want to serve up the honest goods. Having said that, there actually are quite a few creditable ‘crack’ sites that won’t try to bombard you with full-screen popup ads, or commandeer your computer into a spam-loving Kraken or Srizbi Botnet army. We’ve done the hard work for you, and present a list of “clean” crack sites for all the latest warez. Be aware that the site reviews herein only include information about each site, not the contents of the ‘cracks’ themselves.

Exploiting Unexploitable XSS XSS that are protected by CSRF protection or where other mitigating factors are present are usually considered to be unexploitable or of limited exploitability. This post details real world examples of exploiting “unexploitable” XSS in Google and Twitter. While the XSS detailed in this post are site specific the methods that were used to exploit them could be applied to other websites with similar implementations.

Autopsy Forensic Easy to Use Autopsy was designed to be intuitive out of the box. Installation is easy and wizards guide you through every step. All results are found in a single tree. See the intuitive page for more details. Extensible Google hacking master list This master list of Google Hacking command sets has show up on a forum in Russia, as well as on Scribd. While we often forget about Google hacking, and rarely use it against our own sites, a list like this is going to keep the kids happy as they merrily pound their way through Google to your systems. This makes the data much more accessible than at Johnny I hack stuff. There are some drawbacks in how Johnny I hack stuff works, you have to do a lot of clicking to get to the right hacks. This master list also includes things I have not seen or tried yet meaning that the body of knowledge for Google hacks is still being expanded upon. It has been a while since a really good Google hack has come out, but this list promises to keep me busy for a while.

Internet Search Tips and Strategies .:VirtualSalt Robert Harris Version Date: July 6, 2000 Overview OWASP Developer Guide. OWASP Developer Guide The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP's first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. Introduction The OWASP Developer Guide is the original OWASP project. It was first published in 2002, when Ajax was only a mote in Microsoft's eye with the new e-mail notification in Outlook Web Access (and only if you used Internet Explorer).

International Computer Security Association ICSA Labs (International Computer Security Association) began as NCSA (National Computer Security Association). Its mission was to increase awareness of the need for computer security and to provide education about various security products and technologies. In its early days, NCSA focused almost solely on the certification of anti-virus software. Using the Consortia model, NCSA worked together with anti-virus software vendors to develop one of the first anti-virus software certification schemes. Over the past decade, the organization added certification programs for other security-related products, and changed its name to ICSA. Official website

Related: