Home page logo
/
basics logo
Security Basics Mailing List

A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

List Archives

JanFebMarAprMayJunJulAugSepOctNovDec
201413372
20136228356163668204
2012139169721302022191581043079319
201120321413710314811115211120890122145
20101211111941661021032031083093949116
200925222629012828718722618618715513248
2008522537455348390290345229236376224217
2007411387275446632291260380432330326382
2006552406466410352339413354385412441415
2005454369525485319357433555461697531370
2004538454805439342371451313453606637466
200344660945559652293942210971118673712579
2002480734597

Latest Posts

NMAP service detection for https before http cestmir . holub . ext (Apr 16)
Hello,
do you know how to make NMAP service detection for https (ssl/http) before http?
I have both protocols http and https on one port enable.
The nmap service detection discovered only http (probably first found known service), but I need to have https listed
and don't need the http information.
Thank you, C.Holub

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital...

OWASP ZAP 2.3.0 psiinon (Apr 11)
Hi folks,

OWASP ZAP 2.3.0 is now available :
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authentication support
* Support for non standard apps
* Input Vector scripts
* Scan policy - fine grained control
* Advanced Scan dialog
*...

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 24)
            ___        ___          ___   ___  __ _  _   
           / _ \      / _ \        |__ \ / _ \/_ | || | 
       ___| | | | ___| | | |_ __      ) | | | || | || |_
      / __| | | |/ __| | | | '_ \    / /| | | || |__   _|
     | (__| |_| | (__| |_| | | | |  / /_| |_| || |  | | 
      \___|\___/ \___|\___/|_| |_| |____|\___/ |_|  |_| 
                           ...

Shakacon 2014: Call for Papers - Deadline April 11th Shakacon (Mar 20)
==<Apologies for the cross posting but hope to see everyone at the
conference>==

----++++++++++++++++++++++++++++++++++++----
Shakacon VI - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2014.html
----++++++++++++++++++++++++++++++++++++----

Who: Shakacon Crew
What: Shakacon VI
When: June 23-25 2014
Where: Honolulu, HI
Why: World Class...

Re: Metrics for Ethical Hack Vic Vandal (Mar 17)
Hi Monika,

There are tools that will run 20,000-30,000 multi-threaded string attacks on an entire crawled website within a couple
of hours. How fast can you type web requests and analyze web responses in comparison? (heh)

You also wrote "review code" in your message. If you're reviewing source code, how fast can you read and interpret
thousands and thousands of lines of code and compare it to say a dozen common coding...

Metrics for Ethical Hack mc (Mar 14)
Hi All
I am interested to know if there is any metric used to measure amount of
time it takes to manually review code vs. using a tool. Any opinion will be
appreciated.
Thanks
Monika Chakraborty

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how...

CarolinaCon-10 - May 2014 - FINAL ANNOUNCEMENT Vic Vandal (Mar 14)
CarolinaCon-10 will be held on May 16th-18th, 2014 in Raleigh NC. For the cheap price of your average movie admission
with popcorn and a drink ($20) YOU could get a full weekend of talks, hacks, contests, and parties.

We've selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

- Bypassing EMET 4.1 - Jared DeMott
- Password Cracking for noobs - smrk3r
- AV Evasion with the Veil Framework -...

IMAP STARTTLS sniff tool bezrin (Mar 06)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks
B.

------------------------------------------------------------------------...

Looking for reading material on incident management and response Pranav Lal (Mar 03)
Hi all,

I am going to be a part of the incident management team at my employer's.
The policies and procedures a are already in place. Most of my experience
has been in the attacker side of things. Can anyone suggest a set of books
that I can read to better understand defensive security? See the list below.

1. Computer Security Incident Handling
By Stephen Northcutt
2. Incident Response and Computer Forensics, Third Edition
by Chris...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]