public marks

PUBLIC MARKS from xenomorph with tag info-sec

August 2006

Browser Security Test

by 5 others
Test Your Browser's Security Now!

BackTrack - Remote-exploit.org

by 2 others
Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Main Page - Docupedia

RealCLIP - Main entry point for discussion and documentation on the RealCLIP project Linux Howtos - Everything from SuSE and Redhat to Debian and Lucix Unix Howtos - Unix Based Systems like FreeBSD and OpenBSD. Mac Howtos - Apple howtos for PPC and x86, iPods, and the like. Embeded Howtos - These are howtos for embeded devices like the WRT54GS routers from linksys Windows Howtos - Howtos for Windows OS and applications. Web Based Howtos - OS independant tutorials. Others - Those that do not fit anywhere else...

June 2006

openSIMS

openSIMS is a Security Infrastructure Management Systems distributed as an open source project through SourceForge, using a modified Mozilla Public License. OpenSIMS ties together the open source tools used for security event management into a common infrastructure. These tools include NMap, Snort, and many others. The best way to experience openSIMS is by downloading the openSIMS liveCD.

Ophcrack 2 -- The fastest Windows password cracker

by 15 others
A Windows password cracker based on the faster time-memory trade-off using rainbow tables. This is an evolution of the original Ophcrack 1.0 developed at EPFL. Ophrack 2.2 comes with a GTK Graphical User Interface and runs on Windows as well as on Linux.

Aanval Intrusion Detection Console - Snort and Syslog IDS / GUI / Interface

Aanval is the industries only correlation and analysis console designed specifically for Snort and Syslog data.

March 2006

infosec daily: blogs

Full ISD blog archives

TaoSecurity

by 2 others (via)
TaoSecurity Blog

Web Security Blog

It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:

Apache Security - The Complete Guide to Securing Your Apache Web Server

This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more.

Website Security, and Web Application Security News

Website Security, Phishing, RSS Security, Web Security, Questions, Database Security, Web Server, Security Application, Server Security, Security Documentation, Cross Site Scripting, SQL Injection, Web Services Security, AJAX Security, .NET Security, Java Security, Application Firewalls, IIS Security, Apache Security, Oracle Security, MySQL Security, Microsoft SQL Server Security, URL Scan, Mod Security

gera's InsecureProgramming page

Here you can find a collection of exercises that will help you teach yourself the art of insecure programs exploitation. It's not complete, but it's minted to open your mind. The idea is NOT to use any human help. In case you doubt it, we could exploit all but two of them, stay calm and good luck.

OVAL

- Open Vulnerability and Assessment Language

Dartmouth College Security Library

Library - Institute for Security Technology Studies (ISTS) - Security White Papers

F-Script

by 4 others (via)
F-Script is a lightweight open-source scripting layer specifically designed for the Mac OS X object system (i.e. Cocoa). F-Script provides scripting and interactive access to Cocoa frameworks and custom Objective-C objects. It aims to be a useful and fun tool for both beginners and experts, allowing interactively exploring, testing and using Cocoa-based objects and frameworks.

February 2006

eVuln.com - Web Application Penetration Test Services.

eVuln provides the folowing services: Web Application Source Code Analysis - Whitebox TestSecurity Implementation ConsultingWeb Application Remote Penetration Test - Blackbox TestIncident Response

PASSIVEMODE SECURITY

GOOGLE LINUX MICROSOFT PRIVACY ROOTKITS SOFTWARE HACKS TELECOM SECURITY

January 2006

LiveAmmo Computer Security Blog

LiveAmmo Radio - Security News and Research

MacDevCenter

Mac Security: Identifying Changes to the File System