Edge-security blog about Penetration testing, OSINT, security tools, and other interesting stuff.
Sunday, January 27, 2008
Ajax security
Are you interested in learning about Ajax security? I did, so i got the book "Ajax Security" by Hoffman and Sullivan (2007, Addison Wesley, 470 pages), and it is really useful. The book is well organized, the explanations are very clear and the examples well chosen.
I learned a lot about Ajax and the security implications of this technology with this book, i highly recommend it.
Ajax Security, Addison Wesley
Check the content table
Metasploit 3.1
Well some time ago i posted about the Metasploit GUI, now the new version (3.1) has the GUI and the assistant polished, and the exploit number went up to 267!!
This project is growing and improving in every release :)
I downloaded the RC for windows and i liked a lot, here are some screenshots:
Wanna try the GUI in the new release?
https://metasploit.com/framework-3.1-rc1.exe
https://metasploit.com/framework-3.1-rc1.tar.gz
Enjoy :)
This project is growing and improving in every release :)
I downloaded the RC for windows and i liked a lot, here are some screenshots:
Wanna try the GUI in the new release?
https://metasploit.com/framework-3.1-rc1.exe
https://metasploit.com/framework-3.1-rc1.tar.gz
Enjoy :)
Friday, January 11, 2008
Portbunny - Port scanning improvement
A new port scanner has been released by the Recurity Labs guys (FX), it has some improvements over the well known scanners (Nmap). It's was developed for the security professionals, with performance in mind. As stated in Portbunny webpage:
"PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs sophisticated timing based on the use of so called "trigger"-packets. The port-scan is performed in 2 steps: First the scanner tries to find packets, to which the target responds ("triggers"). Second, the actual port-scan is performed. During the scan, the triggers, which were found in the first scanning-phase, are used to determine the optimal speed at which the target may be scanned."
Portbunny webpage
Enjoy.
Subscribe to:
Posts (Atom)
Wfuzz 2.2.0 released
I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...
-
In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
-
I'm pleased to announce a new version of WFuzz! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for findi...
-
In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...