ClubHack2008 presentations are online.
Apologies for delay in videos, they will follow soon :)
http://clubhack.com/2008/Presentations
team ClubHack
Saturday, December 27, 2008
ClubHack2008 Presentations now online!
team ClubHack
ShmooCon Tickets Round 2.1
2008-12-27 02:48:59 : The news you've been waiting for...
Ticket
Sales Round 2.1 will open this Sunday, Dec 28 at noon EST. The cart has
been revamped, the server updated, and we're confident (enough) to go
ahead and try again.
A limited amount of tickets will be available. Exact numbers are still TBD - we'll post that information tomorrow.
Should you miss out on this round there's still Round 3 on Jan 1. At noon people. Eastern Standard.
Thursday, December 18, 2008
Wednesday, December 17, 2008
Tuesday, December 16, 2008
Monday, December 15, 2008
Throwing Shoes
Not security related at all, but well worth the 30 seconds:
http://www.buzzfeed.com/expresident/throwing-stuff-at-bush/
http://www.buzzfeed.com/expresident/throwing-stuff-at-bush/
HD Moore's Infiltrator
Don't know if I linked this yet, but it's definitely worth the repeat:
http://ipwn.mobi/products.html
http://ipwn.mobi/products.html
DEFCON 16 Recap
Ya, I know it's a bit late, but it's a really well written recap on DEFCON 16:
http://usefulfor.com/security/2008/08/21/defcon-16-las-vegas-2008/
http://usefulfor.com/security/2008/08/21/defcon-16-las-vegas-2008/
Sunday, December 14, 2008
Metasploit Decloaking Engine
Check it out at: http://metasploit.com/data/decloak/
This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed.
POP3 via Command Line
Ok, so you've done SMTP via Telnet and spoofed yourself some funny emails. Here is how you can retrieve those emails, and maybe delete a few ;-)
http://klingonwarrior.com/cms/?p=43
http://klingonwarrior.com/cms/?p=43
Burp Suite v1.2 Released
Yes, it's true, it's here: http://blog.portswigger.net/2008/12/burp-suite-v12-released.html
Burp Suite v1.2 is now available to download. This is a major upgrade with a host of new features, including:
Site map showing information accumulated about target applications in tree and table form
Suite-level target scope configuration, driving numerous individual tool actions
Display filters on site map and Proxy request history
Suite-wide search function
Support for invisible proxying
Fully fledged web vulnerability scanner [Pro version only]
Ability to save and restore state [Pro version only]
The series of posts below this one describe the new features in more detail.
Many thanks to everyone who helped with the beta testing and gave me their feedback - this was much appreciated.
Have fun!
Bacon Bowl - Yes it's that cool
Get your picture based turn by turn at the below address:
http://picasaweb.google.com/isaactr/BaconBowlFilledWithPoutine#
http://picasaweb.google.com/isaactr/BaconBowlFilledWithPoutine#
Friday, December 5, 2008
Newpaper for your RSS feeds
Print your RSS feeds to paper in a readable format:
http://feedjournal.com/
Thanks Post_Break (http://www.iamthekiller.net/)
http://feedjournal.com/
Thanks Post_Break (http://www.iamthekiller.net/)
Monday, December 1, 2008
Self Publish with Amazon
If you are an author, musician, filmmaker, publisher, or studio, check out complete on-demand self-publishing, print on demand, and disc on demand services through BookSurge and CreateSpace, members of the Amazon group of companies. These services allow you to self-publish and sell your book, CD or DVD without inventory.
http://www.amazon.com/gp/seller-account/mm-summary-page.html?ie=UTF8&ld=AZFooterSelfPublish&topic=200260520
http://www.amazon.com/gp/seller-account/mm-summary-page.html?ie=UTF8&ld=AZFooterSelfPublish&topic=200260520
Saturday, November 29, 2008
The Other Half of "Artists Ship"
This will probably make it to my blog but I wanted to get it saved somewhere first. This is a great read and dead on true.
http://www.paulgraham.com/artistsship.html
http://www.paulgraham.com/artistsship.html
Wiki Article on Web Attacks
Doesn't beat the OWASP wiki, but a very interesting read non the less.
http://www.ossec.net/wiki/index.php/WebAttacks_links
http://www.ossec.net/wiki/index.php/WebAttacks_links
Friday, November 28, 2008
Security Database Tools Watch
If you didn't know about it already, this is a pretty good site for finding out about new tools that are getting released. Not a daily reader, but definitely an RSS.
http://www.security-database.com/toolswatch/
http://www.security-database.com/toolswatch/
Introverted Intuitive Thinging Judging
I saw someone post something (yes that is all I can remember) about INTJ's. So I looked up what it was, and I have come to the conclusion that most people in the Info Sec realm are this type of person, but please look around and see if you fit something else:
http://typelogic.com/intj.html
http://typelogic.com/intj.html
Tuesday, November 25, 2008
Mina the translator
She takes obfuscated javascript and give you beautiful shiny code that you can read:
RT @s7ephen: Video of "The Mina" Javascript Malware Deobfuscator tool at work: http://tinyurl.com/69vfeg (big flash) http://tinyurl.com/69sep9 (youtube)
RT @s7ephen: Video of "The Mina" Javascript Malware Deobfuscator tool at work: http://tinyurl.com/69vfeg (big flash) http://tinyurl.com/69sep9 (youtube)
Sunbelt's VIPRE AV Black Friday Pricecut
One of the most under hyped av product on the market. It runs with less resources than bloated Symantec or McAfee and catches more than NOD32. For 9.95 you can't really beat it. But it goes back up to 30 bucks soon after black friday so get your copy.
http://sunbeltblog.blogspot.com/2008/11/black-friday-pricing.html
http://sunbeltblog.blogspot.com/2008/11/black-friday-pricing.html
Sunday, November 23, 2008
Clickjacking the iPhone
Logging into your bank via your handy dandy iphone is no longer save.
http://ejohn.org/blog/clickjacking-iphone-attack/
http://ejohn.org/blog/clickjacking-iphone-attack/
Saturday, November 22, 2008
Diet Coke + Mentos
If you haven't seen this video yet, it's awesome and I revisited today and thought I would share:
Nick Farr's lonely site
One of the most influential people in Hacker Spaces hasn't made one change to his site since 2004. And if you can read the sign you'll get a kick out of it.
http://nickfarr.org/
http://nickfarr.org/
Friday, November 21, 2008
Dropped off the face of the Earth
So except for a couple updates, I have really dropped this page to the side for a bit due to some other projects but it's coming. Sorry for the lack of updates.
Thursday, November 13, 2008
You get signal
This is a great site for a good many things like:
- Whois
- Port-Forwarding Tester
- IP Geo mapping
- Phone # Geo mapping
Wednesday, November 12, 2008
ShmooCon room block open!
The booking code is shoshoa
http://www.shmoocon.org/news.html
HOTEL LINK: http://www.marriott.com/hotels/travel/wasdt-marriott-wardman-park-hotel/
http://www.shmoocon.org/news.html
HOTEL LINK: http://www.marriott.com/hotels/travel/wasdt-marriott-wardman-park-hotel/
Sunday, November 9, 2008
SIPvicious
Yes, this is the guy you want on your team not against you, because next time you try and make a call you'll be calling Hong Kong on the company dime.
http://sipvicious.org/blog/
http://sipvicious.org/blog/
Friday, October 31, 2008
MetaSploit Timeline
Ever wanted to know what exactly changed? Check out the following link:
http://metasploit.com/dev/trac/timeline
http://metasploit.com/dev/trac/timeline
Thursday, October 30, 2008
10 Linux Desktop Themes
These are pretty sweet. I know I have been slacking on the security links and I swear this is the last frufru for a while.
http://www.linuxhaxor.net/2008/10/10/10-finger-licking-linux-desktopthemes/
http://www.linuxhaxor.net/2008/10/10/10-finger-licking-linux-desktopthemes/
Wednesday, October 29, 2008
Tuesday, October 28, 2008
Malware Challenge Answer
More than you ever wanted to know about what you can do with Malware without executing it:
http://hype-free.blogspot.com/2008/10/solution-to-malware-challenge.html
http://hype-free.blogspot.com/2008/10/solution-to-malware-challenge.html
CD Burning on the Road
Who still burns CDs? Well, if you do, keep this program handy on your USB stick. It does DVDs and CDs alike and can handle most formats:
http://cdburnerxp.se/
http://cdburnerxp.se/
Thursday, October 23, 2008
Fail Whale
Nothing can compare the the level of "Fail" shown here:
http://www.flickr.com/photos/44124451045@N01/2783265768/
http://www.flickr.com/photos/44124451045@N01/2783265768/
Terry Tate is back and ANNNGGRRRY
The PAIN TRAIN was coming, you didn't believe me, but now it's HERE and you better be ready! 'cause it's coming for YOU
http://returnofterrytate.com/
http://returnofterrytate.com/
Wednesday, October 22, 2008
The Zone-H of XSS
http://www.xssed.com/
And if you don't know what Zone-H is: http://www.zone-h.org/content/view/76/86/
It's an archive, but some would say a "leader board" of defaced web sites.
And if you don't know what Zone-H is: http://www.zone-h.org/content/view/76/86/
It's an archive, but some would say a "leader board" of defaced web sites.
Tuesday, October 21, 2008
A little something for iPhone fanboys
Yes, I am one of them and I still thought this was hilarious:
http://dilbert.com/strips/comic/2008-10-20/
http://dilbert.com/strips/comic/2008-10-20/
Infinity Exists
An interesting video blog that goes into some pretty deep topics. They are a bit young and are into the "underground", but great content.
http://infinityexists.com/
http://infinityexists.com/
Monday, October 20, 2008
Synergy on Steroids
Yup, that's right, someone made a better virtual KVM. Here is the problem, it's only for Winders
http://www.inputdirector.com/
http://www.inputdirector.com/
Sunday, October 19, 2008
SQL Injection for the Boss
I asked the question on twitter a while ago and Daniel Miessler posted about it (There are some really good comments):
http://dmiessler.com/blog/how-does-one-explain-sql-injection-to-a-non-techie
http://dmiessler.com/blog/how-does-one-explain-sql-injection-to-a-non-techie
Michael Mcintyre
Sorry for linking MySpace but this dude is hilarious.
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=131621659
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=131621659
Saturday, October 18, 2008
Label it FAIL
Oh yes, now you too can label things properly. Who needs photoshop!
http://www.zestuff.com/home-and-office/stickers/fail-sticker.aspx
http://www.zestuff.com/home-and-office/stickers/fail-sticker.aspx
Office Poltergeist
No, I didn't even have to think up an interesting title for this one, it's actually what the app is called:
http://geniushackers.com/blog/2008/03/10/officepoltergeist-play-pranks-on-your-friends-with-this-open-source-software/
http://geniushackers.com/blog/2008/03/10/officepoltergeist-play-pranks-on-your-friends-with-this-open-source-software/
Thursday, October 16, 2008
Alternatives to VirusTotal
You can never have too much information.
http://anubis.iseclab.org/?Anubis
http://virusscan.jotti.org/
http://anubis.iseclab.org/?Anubis
http://virusscan.jotti.org/
RegEx builder for Googling your MOSS
Haven't played with it yet, but it's from Hak5's latest ep, and Dan Griffin released it at toorcon. Use the tool to search your sharepoint server for credit card numbers, and other PII.
http://www.codeplex.com/MossRegExSearch
http://www.codeplex.com/MossRegExSearch
Wednesday, October 15, 2008
John Strand's Penetration Testing Videos
Now isn't that much nicer than saying "Hacking" ;-)
http://vimeo.com/user595761/videos/sort:date
http://vimeo.com/user595761/videos/sort:date
Tuesday, October 14, 2008
Don't Use Default Passwords
You tell your users to not use default passwords. Now you can check to see if they are doing as you asked.
http://midnightresearch.com/pages/depant-your-network/
http://midnightresearch.com/pages/depant-your-network/
Thursday, October 9, 2008
Ubuntu Tweak
Sweet app that helps you tweak out your ubuntu install
Ubuntu Unleashed: New: Ubuntu tweak 0.4.0 Released!
Ubuntu Unleashed: New: Ubuntu tweak 0.4.0 Released!
Wednesday, October 8, 2008
Doing great things
These are a bunch of leading edge guys doing great things. Check out Episode 11 of Securabit to get filled in.
Defcon Group 949
Defcon Group 949
ratproxy
Try running all of your traffic for the day through this baby. You will be surprised how many sites you no longer trust with your information.
ratproxy - Google Code
ratproxy - Google Code
Give Me Too!
Imagine Cain and Able's arp spoofing coupled with Network Miner's ability to reconstruct packets.
SpyArsenal.com - spy software free download page - Family Key Logger, Home Free Keylogger download, Internet Spy, network sniffer.
Ignore the rest of the crap on the page.
SpyArsenal.com - spy software free download page - Family Key Logger, Home Free Keylogger download, Internet Spy, network sniffer.
Ignore the rest of the crap on the page.
ShareMyApps.org
Not exactly sure that I like the idea of sharing what apps I have on my system but it a great resource ;-)
Share My Apps ( Home )
Share My Apps ( Home )
Network Security Toolkit VM
Haven't had the chance to play with this but it looks sweet. Network Security in a box, what could go wrong.
Network Security Toolkit (NST) Virtual Machine | Virtual Appliance Marketplace
Network Security Toolkit (NST) Virtual Machine | Virtual Appliance Marketplace
Smoothwall for the WRT Family
Well not exactly, but it's pretty awesome none the less. Does a lot more than OpenWRT as far as a real firewall/ips/ids.
PacketProtector.org: security solution for wireless routers
PacketProtector.org: security solution for wireless routers
RSS Change
Don't know if ya'll will see a difference, but I am now on feedburner at
http://feeds.feedburner.com/MubixsLinks
So if you are here because you stopped getting the feed, this is why.
http://feeds.feedburner.com/MubixsLinks
So if you are here because you stopped getting the feed, this is why.
Tuesday, October 7, 2008
Alex Eckleberry's Keynote
Alex's keynote which was basically a state of the union address via the virus world. Horrible video quality but content is what you are watching for.
http://sunbeltblog.blogspot.com/2008/10/virus-bulletin-2008-keynote-address.html
http://sunbeltblog.blogspot.com/2008/10/virus-bulletin-2008-keynote-address.html
Sweet Windows mod
Work in progress as of now to get my desktop to look like this except for the wallpaper.
http://lifehacker.com/5058949/windows-vista-with-a-live-thumbnail-sidebar
http://lifehacker.com/5058949/windows-vista-with-a-live-thumbnail-sidebar
shell fu
This is definitely something you want in your RSS feed and probably a weekly site visit:
http://www.shell-fu.org/
http://www.shell-fu.org/
Monday, October 6, 2008
New Registry Analysis Tool
I have no idea why this guy is so excited about this tool but I'm sure someone out there will benefit from it.
Windows Incident Response: New Registry Analysis Tools
Windows Incident Response: New Registry Analysis Tools
Another Google Chrome binge - SSL Indexing
Seriously, and I just read a article by a Google employee stating that it holds up better than any other browser while surfing malicious sites. (Great, but what if one gets through and can now access my clear text passwords and indexed SSL surfing)
http://www.readwriteweb.com/archives/chrome_password_protected_web.php
http://www.readwriteweb.com/archives/chrome_password_protected_web.php
Firewall and IDS Testing Tool
This was mentioned on a PaulDotCom blog post, I haven't tried it out yet.
http://dev.inversepath.com/trac/ftester
http://dev.inversepath.com/trac/ftester
The State of the Union
You will be surprised at what people said and searched for during the VP debates... Wow.. just wow..
Official Google Blog: The VP debate: Candidates, questions, and queries
Official Google Blog: The VP debate: Candidates, questions, and queries
Sunday, October 5, 2008
CoinStar Hacking
Sticking it to the man and his 9% cut: ;-) Disclaimer, this may be illegal, don't do it.. seriously, don't... really.. no... stop..
The ultimate users guide to hacking a CoinStar machine
The ultimate users guide to hacking a CoinStar machine
Please check your phone at the door
Metasploit on the iPhone doesn't hold a candle to this ubergadget. Might have to get your company to pay for it at the prices they are asking. (I can't blame them though, it's awesome)
http://neopwn.com/
It would be great if they would send me a demo! ;-)
http://neopwn.com/
It would be great if they would send me a demo! ;-)
Saturday, October 4, 2008
AppleTV as Boxee and XBMC
If you don't have a Boxee invite already just ping me and I will get one for ya, but I really wish I had a AppleTV now:
http://code.google.com/p/atvusb-creator/
http://code.google.com/p/atvusb-creator/
Thursday, October 2, 2008
Security Tools - unpublished
Here is a list of tools that don't get the lime light that often but are most impressive:
http://www.askapache.com/security/computer-security-toolbox-2.html
http://www.askapache.com/security/computer-security-toolbox-2.html
Your argument is irrelevant
My dog is batman, your argument is irrelevant.
http://www.zootropole.com.br/uploaded_images/9lfw5e-712261.jpg
http://www.zootropole.com.br/uploaded_images/9lfw5e-712261.jpg
Server Gated Cryptography
Knowing what this is just might get you a job:
http://en.wikipedia.org/wiki/Server_gated_cryptography
http://en.wikipedia.org/wiki/Server_gated_cryptography
Netbooks side by side
This was posted in August, but still a great side by side comparison:
http://gizmodo.com/5040400/a-comprehensive-list-of-ultraportables-netbooks-mini+notebooks-or-whatever-you-call-them
http://gizmodo.com/5040400/a-comprehensive-list-of-ultraportables-netbooks-mini+notebooks-or-whatever-you-call-them
Wednesday, October 1, 2008
Richard Mogull
http://securosis.com/ - his site.. currently talking about a huge TCP flaw that could DoS anything that uses TCP.. interesting.
Presentation Zen
So before you send you stuff to http://shmoocon.org/cfp.html you might want to check out http://www.presentationzen.com/
Web App Guru
Remember I asked for a Web App Sec Guru (WASG? Sounds like a stupid Cert), well this guy is one that finally decided to start posting to a blog. Don't hate on him yet. Let him get his feet wet in the blogisphere first.
http://jack-mannino.blogspot.com/
Definitely worth adding to your RSS feed reader. (Just in case he posts ever again...)
http://jack-mannino.blogspot.com/
Definitely worth adding to your RSS feed reader. (Just in case he posts ever again...)
Greasemonkey Text Area Backup script
This awesome little script keeps your text area from disappearing into /dev/null when Firefox decides to crash in the middle of an extremely long post that you had been working on for weeks and didn't save anywhere else other than in that stupid text area..... but I'm not mad..
http://lifehacker.com/photogallery/LH-Top-10|-Greasemonkey-User-Scripts/1682268
http://lifehacker.com/photogallery/LH-Top-10|-Greasemonkey-User-Scripts/1682268
Blackhat Forums
Another one of those, if you don't know you don't need to be there:
http://www.blackhat-forums.com
let me add Ryan1918 to the mix to so I don't have to post again.
http://www.blackhat-forums.com
let me add Ryan1918 to the mix to so I don't have to post again.
EC-Council Portal
Even though I have a C|EH now, this place still alludes my grasp as it takes them forever to do ANYTHING except take your money:
http://portal.eccouncil.org/forum/login_user.asp
Any good webapp sec gurus out there wanna help me out ;-)
http://portal.eccouncil.org/forum/login_user.asp
Any good webapp sec gurus out there wanna help me out ;-)
SurftheChannel is still there
Great way to stur up media guys, but they are still here, and still a great site to watch TV at work.. I mean, online..
http://www.surfthechannel.com/
http://www.surfthechannel.com/
McGoo
If have had the unfortunate luck of not coming across Mr. McGrew's website yet, then I am here to help in the fulfillment of your life. You can either google for "Killer Coding Ninja Monkey looks like Ulysses S. Grant" or simply click the link below:
http://www.mcgrewsecurity.com/
http://www.mcgrewsecurity.com/
Great non-govvie Security Site
Great site that tells it like it is, most of the time:
http://www.governmentsecurity.org/
http://www.governmentsecurity.org/
Department of Homeland Stupidity
Good article. Applies to big corporations too.
http://www.homelandstupidity.us/2006/03/20/government-computer-security-has-a-long-way-to-go/
http://www.homelandstupidity.us/2006/03/20/government-computer-security-has-a-long-way-to-go/
90 Day Botnet Count from Shadow Servers
Finally decreasing. People getting smarter or are dumb bot hearders getting caught?
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.BotCount90-Days
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.BotCount90-Days
John McCain
No, I am not a McCain hater, but damn is this funny:
http://i169.photobucket.com/albums/u220/jack603ny/John_Balls.jpg
http://i169.photobucket.com/albums/u220/jack603ny/John_Balls.jpg
Packet-o-Matic
Real-time packet processor - In other words it drumps useable STUFF from dumps.
http://www.packet-o-matic.org/
http://www.packet-o-matic.org/
Installing XP from USB
Two references:
- http://www.vandomburg.net/installing-windows-xp-from-usb/
- http://www.liliputing.com/2008/04/install-windows-xp-on-mini-note-usb.html
Fived - A Layer Five Daemon
If anyone can tell me what this actually does, that would be great.... mmmkay..
http://fived.capelis.dj/
http://fived.capelis.dj/
Tuesday, September 30, 2008
Backtrack 3 Teaser PWNS all
I realize BT3 is out, but this is an awesome video to get the word out a bit on what it can do. MUST SEE
http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html
http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html
Skype 4.0 fixes it's self
Finally the new version allows you to go into "Classic Compact View". Might download it and install it tonight. Anyone wanna give it a test?
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com
Updates to Process Monitor and Zoomit. Sweet
Mark's stuff is awesome. Yes, even though he works under the corporate umbrella of Microsoft.
Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0:
This major update to Process Monitor adds real-time TCP and UDP
monitoring to its existing process, thread, DLL, file system and
registry monitoring. You can now see the TCP and UDP activity processes
performed, including the operation (e.g. connect, send, receive), local
and remote IP addresses and DNS names, and operation transfer lengths.
On Windows Vista, Process Monitor also collects thread stacks for
network operations.
Shmoo Mailing Lists
Find a roomate at ShmooCon, find DC Geeks, or work on HostAP
https://lists.shmoo.com/mailman/listinfo
https://lists.shmoo.com/mailman/listinfo
Clickjacking
Finally I found a good description of Clickjacking, and find it hilarious that I used to play this game on people in High School making it impossible for them to push the button. This is just a reversal of that concept plus invisibility.
Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head
Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head
What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday:
"Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."
Yet another saved password location
SQL Server 2005 Management password extraction - Easy as pie... Apple pie
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/
Monday, September 29, 2008
Make an video avatar
Make a video avatar suitable for any forum. Just submit, time and download:
http://www.vtubetools.com/gifmaker/
http://www.vtubetools.com/gifmaker/
Apple Ultracompact USB Power Adapter Exchange Program
Broke it already? Well, they have a recall going on. Check it out.
https://supportform.apple.com/200809/
https://supportform.apple.com/200809/
MobaLiveCD - Portable LiveCD Virtualization
Boot a LiveCD anywhere on any windows box, without having to install VMware:
http://mobalivecd.mobatek.net/en/index.php
http://mobalivecd.mobatek.net/en/index.php
Step by step - Make your own Wordpress theme
This post is geared to a few friends who I know are currently in a transitional period:
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/
RSnake's XSS Cheatsheet
http://ha.ckers.org/xss.html
also, definitely check out CAL9000 OWASP Project: http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
also, definitely check out CAL9000 OWASP Project: http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
Useful Wallpaper
Here is a Linux CLI reference as a wallpaper that is actually designed well
http://www.gnome-look.org/content/preview.php?preview=1&id=88383&file1=88383-1.png&file2=&file3=&name=Linux-Unix+command+guide
http://www.gnome-look.org/content/preview.php?preview=1&id=88383&file1=88383-1.png&file2=&file3=&name=Linux-Unix+command+guide
Virus Total
If you haven't been here yet, it's a great place to check a file to see if it is a virus, you can also see some basic PE data:
http://www.virustotal.com/
http://www.virustotal.com/
Youtube now allowing 1GB files. Woot
Not like I actually posted Youtube videos, but hey. Cool beans
http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb
http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb
(IN)SECURE Magazine Issue 18 is out
Started printing this on Friday not realizing that it's over 100 pages of color... Oops, glad it's not my dime... Thank you 700 billion dollar bailout. ;-)
http://www.net-security.org/insecuremag.php
http://www.net-security.org/insecuremag.php
Automated? SQL Injection Framework
Something I don't like about the word Automated and "SQL Injection" together.
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/
IP Address Regular Expression
http://riskable.com/2008/09/17/tip-regular-expression-to-match-any-ip-address-in-foxyproxy
https?://[1-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.*
https?://[1-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.*
Pyrit
http://code.google.com/p/pyrit/
Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK,
the protocol that today de-facto protects public WIFI-airspace. The
project's goal is to estimate the real-world security provided by these
protocols. Pyrit does not provide binary files or wordlists and does
not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.Pyrit's implementation allows to create massive databases,
pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time-tradeoff. The performance gain for real-world-attacks is in
the range of three orders of magnitude which urges for re-consideration
of the protocol's security. Exploiting the computational power of GPUs,
Pyrit is currently by far the most powerful attack against one of the world's most used security-protocols.
Wednesday, September 24, 2008
My Links
So this is where I will blog about things I find on the internet that I think is interesting and it won't contain much more than a link, embed and maybe a few comments.
Subscribe to:
Posts (Atom)