Home page logo
/
pen-test logo
Penetration Testing Mailing List

While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

List Archives

JanFebMarAprMayJunJulAugSepOctNovDec
20146251
201349411123623
2012152524161616847362
201138113527272363441483914
2010127110121766077587782734296
20092041361562037617512515811521514289
200825416616816919380168156167217135301
2007141168194171276207225290166157140159
2006330462417318325552447421247317198282
20051811231277896328391379445271277278
20042961782061081411799933933357114208
20036015918911612614424137105131
200211611382521461181487467234947
200118213921413130619513628920415086
2000232501379449411

Latest Posts

OWASP ZAP 2.3.0 psiinon (Apr 10)
Hi folks,

OWASP ZAP 2.3.0 is now available :
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authentication support
* Support for non standard apps
* Input Vector scripts
* Scan policy - fine grained control
* Advanced Scan dialog
*...

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 24)
            ___        ___          ___   ___  __ _  _   
           / _ \      / _ \        |__ \ / _ \/_ | || | 
       ___| | | | ___| | | |_ __      ) | | | || | || |_
      / __| | | |/ __| | | | '_ \    / /| | | || |__   _|
     | (__| |_| | (__| |_| | | | |  / /_| |_| || |  | | 
      \___|\___/ \___|\___/|_| |_| |____|\___/ |_|  |_| 
                           ...

Shakacon 2014: Call for Papers - Deadline April 11th Shakacon (Mar 20)
==<Apologies for the cross posting but hope to see everyone at the
conference>==

----++++++++++++++++++++++++++++++++++++----
Shakacon VI - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2014.html
----++++++++++++++++++++++++++++++++++++----

Who: Shakacon Crew
What: Shakacon VI
When: June 23-25 2014
Where: Honolulu, HI
Why: World Class...

SAP post exploitation Brian Milliron (Mar 14)
Recently I ran across some vulnerable AIX SAP servers on a test and
managed to get admin access on the Web GUI. However, I know very little
about SAP and was unable to leverage SAP admin to get access to the
Oracle DB (it uses a separate credential store) or root on the OS.
Looking through all the available commands for both the web interface
and the SAP telnet interface I didn't see much that looked useful or
interesting. If I find myself...

IMAP STARTTLS sniff tool Bob Ezrin (Mar 07)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using:

arpspoof -r DEFAULT_GATEWAY -t VICTIM

iptables -t nat -A PREROUTING -p tcp --dport ORIGIN_PORT -j REDIRECT --to-port REDIRECT_PORT

sslsplit SOME_PARAMS ssl 0.0.0.0 REDIRECT_PORT

to make man-in-the-middle.

Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Here there is the...

IMAP STARTTLS sniff tool Bob Ezrin (Mar 07)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks
B.

------------------------------------------------------------------------...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]