Clik here to view.
Didier Stevens: Gzip Decompression Via Pipes
A good friend asked me how to decompress a gzip compressed file, stored inside a McAfee quarantine file. On Linux, it’s simple, using the punbup.py tool. Like this:punbup.py -f quarantine.bup | gzip...
View ArticleClik here to view.
Un informático en el lado del mal: BeRoot: Una herramienta para buscar la...
BeRoot es una herramienta de post-explotación que ayuda a un pentester a lograr ser Administrador - o root - en un sistema operativo Microsoft Windows, a través de chequear malas configuraciones,...
View ArticleFortinet FortiGuard Blog: Video Gallery: Fortinet Employees Spotlight SIEM...
This past February, thousands of healthcare IT professionals gathered in Orlando for the 2017 HIMSS conference to get an expansive view of the current healthcare landscape. Fortinet was also in...
View ArticleSANS Internet Storm Center, InfoCON: green: Migrating Telnet to SSH without...
I recently had a security assessment / internal pentest project, and one of the findings was I found an AS/400 running telnet services (actually unencrypted tn5250, but it comes to the same thing) The...
View ArticleSANS Internet Storm Center, InfoCON: green: The Quest for the Universal...
Gebhard pointed us to an article at Heise, which reports that researchers are working towards a universal fingerprint - a master pattern (or small number of master patterns) that ring enough bells to...
View ArticleClik here to view.
Un informático en el lado del mal: Cómo se ha hecho a Gmail el ataque de Spam...
Ayer fue un día en el que se produjo uno de los ataques de spam para robar cuentas de Gmail más masivo de los que se conocen, por hacerse de manera viral aprovechándose de los permisos OAuth que...
View ArticleFortinet FortiGuard Blog: Multiple Joomla! Core XSS Vulnerabilities Are...
Joomla! is one of the world's most popular content management system (CMS) solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Friday, May 5th...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleLost In Security: Españoles por la BlackHat
Siguiendo con la estela del artículo publicado 'Españoles por la Phrack', vuelvo a la carga con un artículo parecido, pero en este caso sobre una de las conferencias de seguridad que más conoce la...
View ArticleSANS Internet Storm Center, InfoCON: green: HTTP Headers... the Achilles'...
When browsing a target web application, a pentester is looking for all entry or injection points present in the pages. Everybody knows that a static website padding:5px 10px"> form action=/view.php...
View ArticleClik here to view.
/dev/random: [SANS ISC] HTTP Headers… the Achilles’ heel of many applications
I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications“.When browsing a target web application, a pentester is looking for all “entry” or “injection”...
View ArticleClik here to view.
ArsTechnica: Security Content: Not-so-secret DOD “spy drone” footage, live on...
On Wednesday, Kenneth Lipp, a contributor to the Daily Beast, was doing what amounts to a random search on the security search engine Shodan when he discovered what appears to be a Web console for...
View ArticleClik here to view.
ArsTechnica: Security Content: More Android phones than ever are covertly...
Enlarge (credit: Arp et al.)Almost a year after app developer SilverPush vowed to kill its privacy-threatening software that used inaudible sound embedded into TV commercials to covertly track phone...
View ArticleFortinet FortiGuard Blog: Why Today’s Financial Organizations Should Deploy...
As is the case across most of today’s industries, the latest IT technological advances like the cloud, Internet of Things (IoT), and mobility have all blurred the lines between traditional network...
View ArticleClik here to view.
ArsTechnica: Security Content: Google phishing attack was foretold by...
Enlarge (credit: Sean Gallup / Getty Images)The "Google Docs" phishing attack that wormed its way through thousands of e-mail inboxes earlier this week exploited a threat that had been flagged earlier...
View ArticleClik here to view.
Un informático en el lado del mal: Apache: Server-Side Session Hijacking con...
El artículo de hoy, que por su extensión estará dividido en dos partes, comienza con una pregunta que me surgió el otro día cuando me encontraba mirando cosas por si hay que escribir la siguiente parte...
View ArticleClik here to view.
McAfee Avert Labs: Taking a Look at W32/Ramnit
Today we’re going to take a look at an interesting file-infector virus. W32/Ramnit infects EXE, DLL and HTML files. That last one is right; W32/Ramnit also infects HTML files to replicate itself.Let’s...
View Articlehoneyblog: 2011 Honeynet Project Security Workshop Slides + Videos
The slides and videos from the 2011 Honeynet Project Security Workshop (Paris) are now available! You can get the material from http://www.honeynet.org/SecurityWorkshops/2011_Paris. About the...
View ArticleSANS Internet Storm Center, InfoCON: green: The story of the CFO and CEO...,...
I read an interesting article in aBelgian IT magazine[1]. Every year, they organise a big survey to collect feelings from people working in the IT field (not only security). It is very broad and covers...
View ArticleClik here to view.
/dev/random: [SANS ISC] The story of the CFO and CEO…
I published the following diary on isc.sans.org: “The story of the CFO and CEO…“.I read an interesting article in a Belgian IT magazine[1]. Every year, they organise a big survey to collect feelings...
View Article