Welcome to the Professional Security Testers Warehouse (PST)
The companies listed below are long term sponsors or supporters of www.professionalsecuritytesters.org. Their support allows us to keep the site up and running. Their contribution ensures that YOU (the end user) can get FREE access to great resources. Please do support them as they support us, visit their sites and see how they can help you achieve your certification and enterprise security goals.
This site is for professional security testers. It is not a script kiddie web site. You will not find TONS of tools but simply a nice community with no large ego. Everyone is welcome whether you are new to the field or very experienced.
|
oCERT Open Source Computer Emergency Response Team
Posted by boss on Tuesday, May 06 @ 08:53:15 EDT (81 reads)
Anonymous writes "Robert McMillan, IDG News Service
http://news.yahoo.com/s/pcworld/20080506/tc_pcworld/145508&printer=1;_ylt=AoQ9ZrUeNtSO4_0KHFsk5VoRSLMF
Google has thrown its weight behind a fledgling security reporting group for the open-source community.
The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.
Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.
OCERT has published four advisories since its inception. In addition to Google, it is sponsored by Inverse Path and the Open Source Lab.
There are already many national CERT efforts, which coordinate countrywide responses to security threats, but oCERT hopes to meet the unique requirements of the open-source community, where software is often re-used but patches are not always circulated to everyone who needs them.
"It is my hope that this initiative will not only aid in remediating security issues in a timely fashion, but also provide a means for additional security contributions to the open source community," wrote Google's Will Drewry in a Monday post to the company's security blog. Visit the oCERT web site at: http://www.ocert.org/"
|
|
EC-Council Offers Details and Insights on CEH v6
Posted by boss on Tuesday, May 06 @ 08:52:47 EDT (69 reads)
Lou writes "As seen on the Ethical Hacker Network:
SUMMARY
The latest version of the Certified Ethical Hacker (CEH) Courseware is due to be released and presented for the first time at Hacker Halted USA 2008 in June. Many small details of CEH Version 6 have been peppered on the Internet, as well as snippets of teaser copy on EC-Council’s own web site.
“With a total of 28 new and never seen before modules, covering the latest concepts, featuring more real life cases, and showcasing the latest hacking and security tools, the Certified Ethical Hacker (Version 6) will be the most advanced course ever.”
...an interview with EC-Council to see if we could get confirmation as well as clarification.
For the full article: http://www.ethicalhacker.net/content/view/190/24/"
|
|
Kiwicon 2008, Wellington, New Zealand
Posted by boss on Wednesday, April 30 @ 11:08:56 EDT (107 reads)
Anonymous writes "[--- www.kiwicon.org ---]
Holy sheepshit, internets! Blanket-Man[1] has wrung out his loin cloth and is ready to fly-tackle more heavy metal t-shirt wearing nerds with large egos and irc handles. Yes, it's time to open up your ~/haxing folder and get your talk together for Kiwicon 2k8! We've put out the black t-shirts, and deflated some satellite radomes, so where, as our more criminal yet fetchingly bikini clad cousins might say, the bloody hell are you?
The Kiwicon Crüe is proud to announce the initial call for presenters for the second installment of New Zealand's very own security conference: Kiwicon 2k8.
[About]
Kiwicon2k8 is intended to be an informal conference, drawing on the wider security community of Australia and New Zealand. It will be held in Wellington, New Zealand, on the weekend of the 27th and 28th of September, 2008.
Kiwicon's focus is on sharing information; ideas, code, and good whisky, in a Rabelaisian carnival of security, nerdery, and *nix beards.
Last year, the inaugural Kiwicon ended up being kind of a big deal: highlights included tmasky's mighty Crackstation, the debut of Beau Butler as an "ethical hacker" making Microsoft "look like turkeys", and of course the Kiwicon Hax0r Quiz, with the winner taking the grand prize of An Illustrated Guide to the Commoner Skin Diseases. Hope it came in handy for the post-con diagnosis phase, dude.
This year, Kiwicon's own Bogan is already making anti-virus vendors quake in their little signature-laden booties at Defcon's Race to Zero, and the cauldron of 0h-0h-0hday in Brett Moore's secret Insomnia lair is bubbling over with pernicious brew. If you missed last Kiwicon (not "professional enough"? couldn't convince your boss it wasn't a hoax?) then find one of the 230+ people who were there and ask them if they're just-not-gonna-bother this year.
[Venue]
Our hosts for the weekend will, once again, be Victoria University of Wellington. If you have any memory of last year's Kiwicon, then it'll look disturbingly familiar.
The campus has the advantage of being close to the center of the city and its various amenities. This includes cheap accommodation, good coffee, and, more importantly, several good pubs serving good, non-Australian, beer.
[Costs]
Kiwicon2k8 is a non-profit, non-commercial, non-corporate-funded event.
Attendance for the entire weekend will cost $50 for employed individuals (self-employed and salaried). There is a discounted rate of $30 for students and the unemployed. GST receipts can be issued upon request. If your management can't be convinced of the value of something that only costs $50, we're happy to issue you with some kind of personalised limited edition invitation in crayon, glitter pen, and macaroni (spray-painted gold for that luxe look) for the low enterprise-only price of $500.
[Topics]
Suggested topics include but are not limited to:
- Crowd Control Techniques and Panic Modeling
- Information Warfare / Industrial Espionage
- Malware (Viruses, Spam, Phishing, Botnets)
- Cellular Networks (GSM,GPRS,CDMA,3G,4G)
- Application Security, Testing, Fuzzing
- Government Spy Networks / Surveillance
- Nanotechnology / Quantum Computing
- Access Control and Authentication
- Wireless / Bluetooth / Infrared
- Social Engineering / Trolling
- Breaking EAL Certified Kit
- Forensics / Antiforensics
- Banking / ATMs / Carding
- Exploitation Techniques
- Layer 1/2/3 Nastiness
- Reverse Engineering
- Phreaking / VoIP
- Virtualisation
- Web Security
- Lockpicking
- Biometrics
- Hypnosis
- Crypto
- Ohday
- 23
There is no pre-determined talk length but we ask that speakers limit their presentation to an hour, including some question time.
Since Kiwicon is a non-profit organisation, there is no funding available for travel and/or accommodation, even for IT rockstars. However, if your talk is accepted, a formal letter will be provided for employer leverage, and almost certainly, unless you're a complete jackoff, people will try and buy you beer.
To submit a presentation to Kiwicon2k8, send an email to cfp@kiwicon.org with the following information:
Name or Handle:
Country of Residence:
Employer (if applicable):
Presentation Title:
Presentation Length:
Presentation Synopsis:
Brief Bio:
[CFP Submissions]
Please submit your CFP by email to cfp@kiwicon.org, no later than 8:47pm NZST, Sunday 17th September 2008. There will be two rounds of selection, with the first half of the talks chosen in August, so submit early for a better chance of acceptance.
[Contacts & Further Information]
Email us: kiwicon@kiwicon.org
Check the site: http://www.kiwicon.org/
Drop by silc: silc.isig.org.nz:2706/kiwicon
Join the list: kiwicon-subscribe@lists.isig.org.nz
Greetz and thanks to all who helped make Kiwicon 2k7 the awesomeness it was, we'll see you *****ers again this year. Thick, meaty props to Pipes for stepping up and making 2k7 happen. We would miss you, but Sharrow's just as tall, and better looking. Sorry pal.
-- The Kiwicon Crüe, 2k8 - Bogan, Metlstorm & Sharrow. m/
[1] http://en.wikipedia.org/wiki/Ben_Hana"
|
|
Netcat over SSL (Neat...)
Posted by boss on Tuesday, April 29 @ 11:54:37 EDT (182 reads)
Anonymous writes "Hello list,
I updated a tool I wrote a long time ago. This time, it features:
- full SSL support (client and server with certificates)
- port proxying (TCP and UDP)
- SSL proxying
- IPv4/IPv6 proxying
- IPv4 and IPv6 support
To know more: http://www.gomor.org/bin/view/GomorOrg/SslNetcat"
|
|
fgdump (2.0.0) and pwdump (1.7.1) have been released
Posted by boss on Monday, April 28 @ 11:46:37 EDT (127 reads)
Anonymous writes "Folks,
The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the most significant of which is that both tools now support 64-bit targets.
We are also pleased to announce the creation of a mailing list for the purposes of tool support, bug reports, feature requests and new revision announcements. This mailing list currently covers fgdump, pwdump and medusa. Feel free to sign up at http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net.
For all the details on the latest fgdump and pwdump releases, please visit their home pages:
http://www.foofus.net/fizzgig/fgdump
http://www.foofus.net/fizzgig/pwdump
As always, please contact me with any bug reports or feature requests.
--f fizzgig@foofus.net"
|
|
Issue 16 of Insecure Magazine has been released
Posted by boss on Friday, April 25 @ 23:30:50 EDT (135 reads)
Anonymous writes "(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
Issue 16 has just been released. Download it from: http://www.insecuremag.com
The covered topics include:
- Security policy considerations for virtual worlds
- US political elections and cybercrime
- Using packet analysis for network troubleshooting
- The effectiveness of industry certifications
- Building a secure future: lessons learned from 2007's highest profile security events
- Advanced social engineering and human exploitation, part 2
- Interview with Nitesh Dhanjani, Senior Manager at Ernst & Young
- Is your data safe? Secure your web apps
- RSA Conference 2008
- Producing secure software with security enhanced software development processes
- Network event analysis with Net/FSE
- Security risks for mobile computing on public WLANs: hotspot registration
- Black Hat Europe 2008 Briefings & Training
- A Japanese perspective on Software Configuration Management
- Windows log forensics: did you cover your tracks?
- Traditional vs. non-traditional database auditing
- Payment card data: know your defense options
Visit the (IN)SECURE Magazine web site at: http://www.insecuremag.com
Subscribe to our RSS feed at: http://feeds.feedburner.com/insecuremagazine
Thanks goes to the following companies for their support of (IN)SECURE magazine:
- Qualys - http://www.qualys.com/pci_compliance/se-g
- GFI - http://www.gfi.com/adentry.asp?adv=62&loc=41
Contact:
- For information on contributing to (IN)SECURE Magazine, please contact Chief Editor Mirko Zorz at editor( at )insecuremag.com
- For marketing inquiries do contact Marketing Director Berislav Kucan at marketing( at )insecuremag.com"
|
|
VOIP Hacks Webinar
Posted by boss on Friday, April 11 @ 16:08:16 EDT (264 reads)
Anonymous writes "April 15, 2008
We are pleased to have Mark Collier from Secure Logix to present: VoIP Hacks
More and more enterprises are deploying Voice Over IP (VoIP). Unfortunately, security is often ignored during these deployments. This presentation will cover VoIP security and address major issues facing enterprises, will discuss tools that can be used to test for vulnerabilities, and will cover practical countermeasures that can be used to address the issues.
About the Presenter: Mark Collier is the Chief Technology Officer (CTO) and Vice President of Engineering for SecureLogix Corporation. He is responsible for SecureLogix’s technology direction and research/development. Mark manages the development of SecureLogix’s Enterprise Telephony Management (ETM) System product line. He also manages the development of SecureLogix’s various security service offerings.
Mr. Collier is actively performing research in the area of Voice Over IP (VoIP) security. He has recently authored the Hacking Exposed: VoIP book, which describes actual attacks, use of existing and new tools, and practical countermeasures. Mr. Collier has been working in the industry for over 20 years, with the past 10 in security, telecommunications, and networking. He is a frequent author and presenter on the topic of voice and VoIP security. He is also a founding member of the Voice Over IP Security Alliance (VoIPSA). Mark has been named one of the most influential people in VoIP and maintains a widely read blog at www.voipsecurityblog.com.
To REGISTER, please click HERE
Event Details
Time:
- 9am EST
- 9 pm (Hong Kong)
- 1pm (London)
- 6.30pm (New Delhi)"
|
|
ProxyStrike - Active Web Application Proxy
Posted by boss on Thursday, April 10 @ 15:31:23 EDT (218 reads)
Anonymous writes "As seen on the great SecuriTeam mailing list:
SUMMARY
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on Javascript; not many web scanners did well at this stage, so we came up with this proxy.
Right now it has SQL injection and XSS modules available. Both modules are designed to catch as many vulnerabilities as we can, which is why the SQL Injection module is a Python port of the great DarkRaver "Sqlibf". The XSS module is made by us, using our library Gazpacho (soon to be released as a standalone tool).
The process is very simple: ProxyStrike runs like a passive proxy listening on port 8008 by default, so you have to browse the desired web site with your browser set to use ProxyStrike as a proxy, and ProxyStrike will analyze all the parameters in background mode.
For the user it is a passive proxy because you won't see any difference in the behavior of the application, but in the background it is very active.
ADDITIONAL INFORMATION
The information has been provided by laramies2k@yahoo.com.ar -- Christian Martorella.
To keep updated with the tool visit the project's homepage at: http://www.edge-security.com/proxystrike.php "
|
|
Exclusive Webcast: How to Test for Software Vulnerabilities
Posted by boss on Thursday, April 03 @ 10:19:49 EDT (262 reads)
Anonymous writes "A Codenomicon event, presented by Computer Security Institute.
This is a vendor-sponsored event. Content has been approved by CSI.
Please join CSI and Codenomicon for a complimentary webcast:
How to Test for Software Vulnerabilities
Date: Thursday, April 16, 2008
Time: 9:00 am PST/Noon EST
Duration: 60 minutes
This webinar will bring together the views of the industry on how software vulnerabilities are proactively found and resolved in software and services.
With today’s security threats demanding improved analysis, black box security testing is becoming an increasingly popular trend. The testing technique involves sending an enormous amount of negative tests, or attack simulations, against real live network equipment or a critical service. Various names for such testing include robustness testing and fuzzing.
This type of testing results in improved metrics in network security and penetration testing while reducing time to market. Additional benefits include better-quality software and lower maintenance costs.
Presenters:
Jon Oltsik, Senior Analyst, Enterprise Strategy Group
Jon Oltsik is a senior analyst at Enterprise Strategy Group as well as the founder of its Information Security service in 2003. Oltsik is now widely recognized as an expert in security management and technology and also focuses on identity and access management. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. Mr. Oltsik previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all external marketing activities and defined the company’s strategic vision. Jon was also a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics.
Howard A. Schmidt, President & CEO R & H Security Consulting LLC, Codenomicon
Mr. Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years, including serving as the Special Adviser for Cyber Security at the U.S. White House. In addition to Schmidt's service at the White House he has served as Vice President and Chief Information Security Officer and Chief Security Strategist at eBay, Chief Security Officer for Microsoft Corp, Supervisory Special Agent and Director of the Air Force Office of Special Investigations Computer Forensic Lab and Computer Crime and Information Warfare Division.
Register Now: http://online.cmptechresource.com/cgi-bin4/DM/y/nBH5S0OerFi0VrL0FwGw0En
Thank you.
Sincerely,
Robert Richardson, Director
Computer Security Institute"
|
|
Hacker Halted USA, May 28 - June 4, 2008 Myrtle Beach, SC, USA
Posted by boss on Tuesday, April 01 @ 08:58:57 EDT (246 reads)
Anonymous writes "Myrtle Beach, South Carolina, USA - www.hackerhalted.com
Hacker Halted USA will be held in association with the 10th Techno Security Conference and the 1st Access Data User Conference. More than 1,000 Information Security Specialists are expected to attend this combined event and there will be over 100 exhibitors showcasing the latest technologies and tools in Information Security.
Howard Schmidt, ISSA International President, former CSO of Microsoft Corp, Vice Chair of the President’s Critical Infrastructure Protection Board and Special Adviser for Cyberspace Security for the White House, will be the main keynote speaker for Hacker Halted USA 2008. Other speakers include representatives from National Defense University, SANDIA National Laboratories, Sophos, Infosys, Kaspersky, among others.
CCCure.org Members enjoy 10% discount to attend the conference!
EC-Council will be conducting 3 "LIVE" Classes at Hacker Halted USA. This is a chance to obtain world class certifications. All classes are led by our Master Trainers.
1) Certified Ethical Hacker v6 (CEH): Hacker Halted USA will see the global rollout of this world's most advanced ethical hacking course - The Certified Ethical Hacker Version 6. Join this inaugural class now!
2) Certified Security Analyst / Licensed Penetration Tester (ECSA/LPT): Obtain the certification that leads you to being conferred the prestigious EC-Council LPT!
3) Computer Hacking Forensic Investigator (CHFI): The CHFI was once named One of the Best New Certifications by CertMag.
Click HERE for more information and registration"
|
|
What You Need to Know about PCI Compliance and Web Application Security Policy
Posted by boss on Tuesday, April 01 @ 08:58:27 EDT (462 reads)
MichaelSutton writes "PCI compliance exists to protect consumers from credit fraud, and their data will be protected if rules are followed. If your business accepts credit cards, you are aware of changes to PCI compliance in June. Adherence to section 6.6 of the PCI compliance rules should have been met; if not, web application security must be integrated into existing applications. This mandate allows businesses to evaluate their security practices.
Click on Read More... below to see the whole article "
(Read More... | 8145 bytes more | comments? | Score: 0)
|
|
Hakin9 Newsletter
Posted by boss on Friday, March 07 @ 08:06:58 EST (500 reads)
Anonymous writes "
---------------------------------------------------------------------------
hakin9 Newsletter, 03-07-2008
http://www.hakin9.org/en/
http://www.buyitpress.com/en/
---------------------------------------------------------------------------
1. Download an article for free
2. New h9 logo
3. New issue of hakin9 is now on sale
4. March Madness – new h9 subscription offer
---------------------------------------------------------------------------
*Download an article for free*
---------------------------------------------------------------------------
Remote and Local File Inclusion Explained - an article by Gordon Johnson to download from hakin9 portal at no charge.
Visit our website and read something new! http://hakin9.org/prt/view/pdf-articles.html
---------------------------------------------------------------------------
*New h9 logo!*
---------------------------------------------------------------------------
Our magazine has a new LOGO! Do not miss it when looking for hakin9 at the newsstands! www.hakin9.org/en
---------------------------------------------------------------------------
*New issue of hakin9 is now on sale*
---------------------------------------------------------------------------
Get the latest hakin9 edition - VoIP Abuse. Storming SIP Security. You will read about:
- Hacking SIP
- Alternate Data Streams
- Programming with Libpcap - Sniffing the Network from Your Own Application
- Reverse Engineering
- Postgres Database Security
- Writing IPS Rules.
Don't miss the chance to learn something new.
Go to the nearest bookstore or subscribe. http://hakin9.org/prt/view/about-the-mag/issue/691.html
---------------------------------------------------------------------------
*March Madness – new h9 subscription offer*
---------------------------------------------------------------------------
You have the one and only chance to get hakin9 Exclusive Mega Pack.
All archive issues and 2008 subscription are available this week for only $79.99!
Don't miss your chance and order now.
Offer is valid until 13/03/2008 only.
http://hakin9.org/prt/view/special-offers.html
In case of any questions send an e-mail quoting 'March Madness' to: wojciech.kowalik@hakin9.org
http://hakin9.org/prt/view/special-offers.html
---------------------------------------------------------------------------
www.hakin9.org/en
en@hakin9.org
+1 917 338 36 31"
|
|
OSSTMM V3.0 Introduction Video
Posted by boss on Thursday, February 28 @ 09:55:59 EST (493 reads)
Anonymous writes "NOTE FROM CLEMENT: This is one video that you have to watch. Pete is presenting his latest version of the OSSTMM and as usual he's presenting a clear view of what people perceive security is, but the truth is sometimes surprising. Do watch the video and I am sure you will learn a lot and it might even change the way you look at security in the future. Here is the announcement:
Hi,
A video walk-through and explanation of the new security testing methodology, OSSTMM 3, which I did recently has been created by Dreamlab (www.dreamlab.net).
The video covers a walk-through of the most important factors of OSSTMM 3 and a little bit about aluminum foil hats. So if you are interested in the new methodology, completely re-written and re-structured from the ground up, check out the video.
The full OSSTMM 3 will still be released publicly and for free as soon as we can get it out but all development has completed for this version and only editing of the document is left. We hope to make this the easiest and most beneficial OSSTMM to use for everyone. We want a manual professionals can use but also to give to their clients as something very readable and informative.
You can see the video and download the presentation, "The Vision of the OSSTMM" at:
http://www.dreamlab.net/news/review-osstmm-evening-talk-with-pete-herzog
Or the following links:
For all that missed out on the event Dreamlab provides you with the keynote slides and video as well as further downloadable information concerning the new RAV:
- Keynote Video: Flash (low) / MPEG4 (medium)
- OSSTMM 3.0 Security Test Audit Report (STAR): Excel / OpenOffice
- OSSTMM 3.0 RAV Calculation Sheet: Excel / OpenOffice
Also, ISECOM is looking for training partners and trainers.
Anyone interested in being a training partner should contact us because we have the next Train the Trainer class coming up March 31st - April 2nd in Barcelona where it's sunny and warm ;)
Trainers are taught the newest ISECOM research and even the terrible truth about security (you can see the video for details about that).
Let us know if you have any questions.
Sincerely,
-pete.
--
Pete Herzog - Managing Director - pete@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org"
|
|
ChicagoCon A must attend conference
Posted by boss on Friday, February 22 @ 18:09:35 EST (363 reads)
Anonymous writes "Hey All,
As you know, we rarely send email blasts or ask for favors, but I could really use your help in spreading the word of the spring edition of ChicagoCon. We have 24 hours to get this on Digg's Front Page. Please help give this unique event the exposure it deserves by using the link below and then clicking "digg it" under the big yellow number:
http://www.digg.com/security/ChicagoCon_2008s_Security_Training_Ethical_Hacking_Con
And as they say in Chicago... vote early and vote often! That even goes for the deceased. ;-)
For details about the event itself:
ChicagoCon 2008s: White Hats Come Together in Defense of the Digital Frontier
May 12 – 18, 2008
www.chicagocon.com
The Spring Edition of ChicagoCon features all new keynoters, additional security boot camps, exams on-site followed by a two-day ethical hacking conference. And without an exhibit hall full of sales pitches, you're free to learn from the pros, network with peers and advance your infosec career.
Not just another boot camp or hacker con, ChicagoCon adds value to your training dollars with top instructors and well known certifications. 13 courses including CISSP, CEH, CHFI, Advanced Hacking, BackTrack to the Max (First Time EVER), Cisco, Microsoft, SANS, SOX, Security+ and more. The 2 days of “Con” Activities are only $100 (free for training students) and offer presentations, breakout sessions & hacking contests.
From the novice, to the ultimate techie, to the CISO chair... everyone interested in a career in security will find something at ChicagoCon, your one-stop shop for security training and certification.
Keynotes: Geahan (FBI), Echemendia (Hacking Instructor), McOmie (TruTV's Tiger Team), Murray (Neohapsis) & Carpenter (SANS).
Presented by www.ethicalhacker.net.
Thanks in advance and see you in the Windy City,
Don
Editor-in-Chief, The Ethical Hacker Network
Founder & Organizer, ChicagoCon
Sponsors include:
- EC-Council - http://www.eccouncil.org/
- LearnSecurityOnline - http://www.learnsecurityonline.com/
- The Security Certified Program - http://www.securitycertified.net/
- CompTIA - http://www.comptia.org/
- Voltage Security - http://www.voltage.com/"
|
|
VoIP Hopper 0.9.9 Released
Posted by boss on Tuesday, February 19 @ 07:50:46 EST (373 reads)
Anonymous writes " VoIP Hopper 0.9.9 has been released.
This is the same code that was presented at ShmooCon 4.
Main Site is located at: http://voiphopper.sf.net
NEW FEATURES
* CDP Generator! VoIP Hopper can generate CDP packets in order to discover the Voice VLAN ID, as any IP Phone based on CDP would do. In this CDP spoof mode, VoIP Hopper will send two CDP packets in order to decipher the VVID, then it will iterate between sleeping for 60 seconds, and sending another packet. Not only is this faster than CDP sniffing, but it can also help bypass any mechanisms that rely on CDP for permitting access to the Voice VLAN.
* Voice VLAN Interface Delete: VoIP Hopper can delete the created Voice Interface
* MAC Address Spoof, then exit: VoIP Hopper can change the MAC Address of an interface offline and exit, without VLAN Hopping.
IMPORTANT BUG FIX
VoIP Hopper now correctly decodes 2 bytes for the Voice VLAN ID in CDP Packets instead of only 1 byte. This corrects large VVID values (such as 415, etc) from being incorrectly decoded.
WHAT IS VOIP HOPPER
VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
CREDITS
FX <fx@phenoelit.de> for his IRPAS Suite
Jamal Pecou
Many others...
Please see the SF site for more information.
VHC "