Penetration Testing

Securing Citrix

Wed, 16 May 2012 21:05:22 GMT

Posted by Adrián Puente Z. on May 16

Hi everyone!

I am looking for a good reference to secure a Citrix server to avoid a user to gain acces to the operating system. So
far I have some ideas like restricting the execution of the cmd.exe and (maybe) explorer.exe from with a group policy
in the domain.

If you know about any document I can look at or have any experience about this that want to share I will be very
thankful. Thanks in advance.

Regards,

---
Adrián Puente Z....

Re: Question of Likelihood

Wed, 16 May 2012 19:01:34 GMT

Posted by Pete Herzog on May 16

Hi,

Have you looked into the OSSTMM ravs- attack surface classification
and metrics? It would help you categorize the order in the way you
want here- by what they do and not some guessed weighting or priority
system. Basically it would let you prioritize by 5 vulnerability
classifications and that way if something provides access in any way
it's classified as a higher priority than something that just gives an
exposure.

Sincerely,...

sslcaudit 1.0 released

Tue, 15 May 2012 10:30:08 GMT

Posted by Alexandre Bezroutchko on May 15

Hello,

I would like to announce the release of sslcaudit 1.0.

The goal of sslcaudit project is to develop a utility to automate
testing SSL/TLS clients for
resistance against MITM attacks. It is useful for testing thick clients,
mobile applications,
appliances, pretty much anything communicating over SSL/TLS over TCP.

PDF user-guide is available here:
http://www.gremwell.com/sslcaudit_files/doc/sslcaudit-user-guide-1.0.pdf
Download and...

Re: Question of Likelihood

Mon, 14 May 2012 20:03:50 GMT

Posted by Justin Rogosky on May 14

Hi,

Carnal 0wnage is doing a blog series about this very subject.
http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-0-intro.html

My opinion is that if you are doing a report, it would be of more
value to list the vulnerabilities separately with the reformatted tool
output (or other methodology you are applying to list them as "low").
But add a separate section that shows how the various "enabling"...

Question of Likelihood

Mon, 14 May 2012 18:46:27 GMT

Posted by Pen Testar on May 14

I'm testing an app with sensitive information that is full of holes. Reflected and persisted XSS, CRSF, various
injection attacks… you name it.

You also have a bunch of vulns that aren’t typically of high likelihood, but in the presence of the other vulns above
(I’ll call them the “enabling” vulns), some of these lows are easier to exploit. When you rank, do you rank each vuln
independently or in context of others?

I can see...

t2'12: Call for Papers 2012 (Helsinki / Finland)

Sun, 13 May 2012 00:05:55 GMT

Posted by Tomi Tuominen on May 12

# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25 to 26, 2012.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

A survey on web application attacks

Sat, 12 May 2012 00:34:18 GMT

Posted by Hannes Holm on May 11

Hi pen-test subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAF)s and
would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

* Help build valuable domain consensus on the topic of WAF effectiveness.
* Be able to compare your answers to the answers of others.
* Have the chance to win a 100...

Announce: Italian Hacker Game Cracca al Tesoro - Crack A Treasure

Fri, 04 May 2012 17:01:15 GMT

Posted by Aspy on May 04

It is the 6 th edition of the game.

It 's very much like a treasure hunt but more... hight tech!
The team need to find five hidden access point within a city, crack
them, then find the servers behind them, hack them to find clues to
the next target ...

Next date: Genoa, Italy, May 12
Joining is free.

Web Site
http://www.wardriving.it

nullcon Delhi 2012 Call for Paper/Call for Event

Wed, 02 May 2012 04:22:39 GMT

Posted by nullcon on May 01

Hi All,

For the very first time nullcon now comes to Delhi - to showcase cutting
edge security technologies and discuss new attack vectors and security
threats among the Corporate world and the Government sector. The event
brings together thought leaders,Corporates, Government and security
professionals all under one roof.

Prototype:
-------------
We are introducing a new sub-event - Prototype at nullcon Delhi 2012. The
event provides...

xSQL Scanner 1.6 - Released

Tue, 01 May 2012 16:48:52 GMT

Posted by Rodrigo Matuck on May 01

Hi

Everyone

New version of xSQL Scanner is available with following features:

- PostgreSQL support added;
- SQL PortScan updated;
- Exceptions fixed;
- Progressbar bug fixed;
- MSSQL 7 DoS module added.
- MSSQL Empty password exploit module added.
- Session support added
- Visual modified
- Minor Bugs fixed
- Auto-detect feature fixed

Also i uploaded the xTSCrack with bugs fixed.

http://www.4shared.com/zip/4YrGt7hG/xsqlscanner-16.html...

[Tool update] VoIP Hopper 2.04 released

Sun, 29 Apr 2012 17:40:21 GMT

Posted by Jason Ostrom on Apr 29

VoIP Hopper 2.04 security tool is released:

http://voiphopper.sourceforge.net

New Avaya, Alcatel-Lucent, and LLDP-MED spoofing support. Thanks to Nicolas Roux of France for his Alcatel source
contribution and debugging help. The Alcatel support has only been partially tested on a production network - I'm
requesting the help from anyone who has access to Alcatel-Lucent to test the three new modes of VoIP Hopper, and please
let me know....

Anti-fingerprinting techniques

Wed, 25 Apr 2012 14:34:55 GMT

Posted by cr0hn on Apr 25

Hello everybody!

I just released the slides of a course about anti-fingerprinting
techniques. The course talking about:
– A brief introduction of FreeBSD.
– How fingerprinting works.
– How defeat the fingerprinting test.
– Practical examples for evade the test for some services:
+ Web server.
+ FTP server.
+ SSH server.
- A long section dedicated for WordPress.
+ Fingerprinting methods.
+ Tools to test it.
+ Protection techniques.

I...

[HITB-Announce] HITB Magazine Issue 008 (now with print edition!)

Tue, 24 Apr 2012 02:40:07 GMT

Posted by Hafez Kamal on Apr 23

The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 - Malaysia.

http://conference.hitb.org/hitbsecconf2012kul/

For the first time ever though, we're making print editions of the
magazine...

[New tool] - Exploit Pack - Web Security

Mon, 23 Apr 2012 22:17:21 GMT

Posted by noreply () exploitpack com on Apr 23

Exploit Pack - Web Security Edition

This tool allows you to take control of remote browsers, steal social
network credentials, obtain persistence on it, DDoS and more.
Demo: http://www.youtube.com/watch?v=B_AYyRFNokI

Main features:
- Hacking of Gmail, Yahoo, Facebook, Live, Linkedin
- Session persistence
- 0day exploits included
- Remote browser control
- DDoS by creating botnets
- Launch remote exploits
- Steal credentials

Questions? support...

Ruxcon 2012 Call For Papers

Thu, 19 Apr 2012 10:50:52 GMT

Posted by cfp on Apr 19

Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring...