ClubHack2008 presentations are online.
Apologies for delay in videos, they will follow soon :)
Sales Round 2.1 will open this Sunday, Dec 28 at noon EST. The cart has
been revamped, the server updated, and we're confident (enough) to go
ahead and try again.
A limited amount of tickets will be available. Exact numbers are still TBD - we'll post that information tomorrow.
Should you miss out on this round there's still Round 3 on Jan 1. At noon people. Eastern Standard.
This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed.
Burp Suite v1.2 is now available to download. This is a major upgrade with a host of new features, including:
Site map showing information accumulated about target applications in tree and table form
Suite-level target scope configuration, driving numerous individual tool actions
Display filters on site map and Proxy request history
Suite-wide search function
Support for invisible proxying
Fully fledged web vulnerability scanner [Pro version only]
Ability to save and restore state [Pro version only]
The series of posts below this one describe the new features in more detail.
Many thanks to everyone who helped with the beta testing and gave me their feedback - this was much appreciated.
Process Monitor v2.0:
This major update to Process Monitor adds real-time TCP and UDP
monitoring to its existing process, thread, DLL, file system and
registry monitoring. You can now see the TCP and UDP activity processes
performed, including the operation (e.g. connect, send, receive), local
and remote IP addresses and DNS names, and operation transfer lengths.
On Windows Vista, Process Monitor also collects thread stacks for
Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK,
the protocol that today de-facto protects public WIFI-airspace. The
project's goal is to estimate the real-world security provided by these
protocols. Pyrit does not provide binary files or wordlists and does
not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.
Pyrit's implementation allows to create massive databases,
pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time-tradeoff. The performance gain for real-world-attacks is in
the range of three orders of magnitude which urges for re-consideration
of the protocol's security. Exploiting the computational power of GPUs,
Pyrit is currently by far the most powerful attack against one of the world's most used security-protocols.