Web App Security

hydra and HTTP NTLM

Wed, 23 May 2012 12:36:51 GMT

Posted by Robin Wood on May 23

Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
to brute force a MS Front Page login which only asks for
authentication when the OPTIONS method is used as far as I can tell.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus...

t2'12: Call for Papers 2012 (Helsinki / Finland)

Mon, 14 May 2012 22:17:25 GMT

Posted by Tomi Tuominen on May 14

# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25 to 26, 2012.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

A survey on web application attacks

Mon, 14 May 2012 19:20:35 GMT

Posted by Hannes Holm on May 14

Hi webappsec subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAF)s and
would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

* Help build valuable domain consensus on the topic of WAF effectiveness.
* Be able to compare your answers to the answers of others.
* Have the chance to win a 100 USD...

Abusing Password Managers with XSS

Thu, 26 Apr 2012 01:51:05 GMT

Posted by mastah yeti on Apr 25

New post on abusing password managers through xss.
http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/

[HITB-Announce] HITB Magazine Issue 008 (now with print edition!)

Mon, 23 Apr 2012 23:14:08 GMT

Posted by Hafez Kamal on Apr 23

The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 - Malaysia.

http://conference.hitb.org/hitbsecconf2012kul/

For the first time ever though, we're making print editions of the
magazine...

Ruxcon 2012 Call For Papers

Sat, 21 Apr 2012 06:17:18 GMT

Posted by cfp on Apr 20

Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring...

Passwords^12 : Call for Presentations

Wed, 18 Apr 2012 11:10:02 GMT

Posted by Per Thorsheim on Apr 18

For the third time I am happy to announce a Call for Presentations for
Passwords^12.

Passwords^12 will be held at the University of Oslo (Norway) on December
3-4, 2012. The 2-day conference will be free and open for anyone to
attend. Please do note that our primary audience will be academics and
security professionals with deep technical knowledge. This is a
conference with international speakers and participants, presenting
fresh ideas and...

winAUTOPWN v3.0 Released

Wed, 18 Apr 2012 11:07:24 GMT

Posted by QUAKER DOOMER on Apr 18

Dear all,

This is to announce release of winAUTOPWN version 3.0

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select individual exploits and use them.

A complete list of all Exploits in winAUTOPWN is available inside MISC\CHANGELOG.TXT
A complete list of User Interface...

SEC Consult whitepaper :: The Source Is A Lie

Wed, 18 Apr 2012 11:03:32 GMT

Posted by SEC Consult Vulnerability Lab on Apr 18

SEC Consult Vulnerability Lab released a new whitepaper titled:
"The Source Is A Lie"

Abstract:
---------
Backdoors have always been a concern of the security community. In
recent years the idea of not trusting the developer has gained momentum
and manifested itself in various forms of source code review. For Java,
being one of the most popular programming languages, numerous tools and
papers have been written to help during reviews....

OWASP ZAP 1.4.0 released

Mon, 09 Apr 2012 01:25:37 GMT

Posted by psiinon on Apr 08

Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugable extensions

And a load of bugfixes!

For more information and to download this release please visit the ZAP
homepage:...

Re: Time based Blind SQL injection

Fri, 30 Mar 2012 22:29:05 GMT

Posted by martin . mngoma on Mar 30

Hi guys

Just off the topic, can any of you help me.

I need a vulnerability scanner that can scan WCF web services (silver light technologies )as acunetix does not support
wcf yet.

All help will be appreciated

Thanks
Martin
Sent from my BlackBerry® wireless device

-----Original Message-----
From: Yiannis Koukouras <ikoukouras () gmail com>
Sender: listbounce () securityfocus com
Date: Thu, 29 Mar 2012 21:04:00
To: Danux<danuxx ()...

Re: Time based Blind SQL injection

Fri, 30 Mar 2012 00:47:51 GMT

Posted by Yiannis Koukouras on Mar 29

So, the only difference, from other tools out there, is the support of TAB(%09)?

Am I missing something?

Thanks for sharing! :)

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website...

Re: Time based Blind SQL injection

Fri, 30 Mar 2012 00:44:20 GMT

Posted by Yiannis Koukouras on Mar 29

Cool, I just wanted to be sure I didn't miss anything else...

Again thanx for sharing! :)

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!...

winAUTOPWN v2.9 - As [ C4 - WAST ]

Wed, 21 Mar 2012 11:16:36 GMT

Posted by QUAKER DOOMER on Mar 21

Dear all,

It has been more than 3 YEARS since the first version of winAUTOPWN.
This is to announce release of winAUTOPWN version 2.9

This version introduces an improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS
TRANSGRESSOR GUI [ C4 - WAST ]
C4 - WAST gives the user the freedom to select individual exploits and use them.
Note that the legacy winAUTOPWN feature to fire all exploits available for open ports
discovered is still present and has...

Re: FBController - (Facebook Control Utility) version 4.0 { With 0-DAY Features }

Thu, 15 Mar 2012 21:00:26 GMT

Posted by Alex on Mar 15

You probably should purchase an ad if you're going to try to sell
something. Just some friendly guidence. Good luck!

Alex Fernandez-Gatti
"Laws control the lesser man. Right conduct controls the greater
one." - Chinese Proverb

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!...