Home page logo
basics logo
Security Basics Mailing List

A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

List Archives


Latest Posts

Re: NMAP service detection for https before http Jesus Andres (Apr 17)

I think you can not have http and https listening to the same tcp
port. What you could have is http and maybe then TLS to create an ssl
tunnel over the already stablished http connection and I'm not sure
about that.

Anyway I think you should try this.

Nmap -sSV -p 80,443 -n -Pn <target server>

You could use -vv for verbosity..

This will give you the service running on the standard http port
tcp/80 and on the standard https...

NMAP service detection for https before http cestmir . holub . ext (Apr 16)
do you know how to make NMAP service detection for https (ssl/http) before http?
I have both protocols http and https on one port enable.
The nmap service detection discovered only http (probably first found known service), but I need to have https listed
and don't need the http information.
Thank you, C.Holub

Securing Apache Web Server with thawte Digital...

OWASP ZAP 2.3.0 psiinon (Apr 11)
Hi folks,

OWASP ZAP 2.3.0 is now available :

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authentication support
* Support for non standard apps
* Input Vector scripts
* Scan policy - fine grained control
* Advanced Scan dialog

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 24)
            ___        ___          ___   ___  __ _  _   
           / _ \      / _ \        |__ \ / _ \/_ | || | 
       ___| | | | ___| | | |_ __      ) | | | || | || |_
      / __| | | |/ __| | | | '_ \    / /| | | || |__   _|
     | (__| |_| | (__| |_| | | | |  / /_| |_| || |  | | 
      \___|\___/ \___|\___/|_| |_| |____|\___/ |_|  |_| 

Shakacon 2014: Call for Papers - Deadline April 11th Shakacon (Mar 20)
==<Apologies for the cross posting but hope to see everyone at the

Shakacon VI - Honolulu, Hawaii

"Sun, Surf, and C Shells"



Who: Shakacon Crew
What: Shakacon VI
When: June 23-25 2014
Where: Honolulu, HI
Why: World Class...

Re: Metrics for Ethical Hack Vic Vandal (Mar 17)
Hi Monika,

There are tools that will run 20,000-30,000 multi-threaded string attacks on an entire crawled website within a couple
of hours. How fast can you type web requests and analyze web responses in comparison? (heh)

You also wrote "review code" in your message. If you're reviewing source code, how fast can you read and interpret
thousands and thousands of lines of code and compare it to say a dozen common coding...

Metrics for Ethical Hack mc (Mar 14)
Hi All
I am interested to know if there is any metric used to measure amount of
time it takes to manually review code vs. using a tool. Any opinion will be
Monika Chakraborty

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how...

CarolinaCon-10 - May 2014 - FINAL ANNOUNCEMENT Vic Vandal (Mar 14)
CarolinaCon-10 will be held on May 16th-18th, 2014 in Raleigh NC. For the cheap price of your average movie admission
with popcorn and a drink ($20) YOU could get a full weekend of talks, hacks, contests, and parties.

We've selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

- Bypassing EMET 4.1 - Jared DeMott
- Password Cracking for noobs - smrk3r
- AV Evasion with the Veil Framework -...

IMAP STARTTLS sniff tool bezrin (Mar 06)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks


Looking for reading material on incident management and response Pranav Lal (Mar 03)
Hi all,

I am going to be a part of the incident management team at my employer's.
The policies and procedures a are already in place. Most of my experience
has been in the attacker side of things. Can anyone suggest a set of books
that I can read to better understand defensive security? See the list below.

1. Computer Security Incident Handling
By Stephen Northcutt
2. Incident Response and Computer Forensics, Third Edition
by Chris...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]