New Tool - SIPcrack
SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.
It seems that the debate over automatic tools vs. manual penetration tools raises serious questions within government agencies. South Carolina and Delaware already use Core Impact; others might follow:
Nick Baskett wrote an interesting article in it-observer about best practices when hiring an external penetration testing consultant. I hope that more and more business decision makers will apply his advice:
Amazing that this nifty tool supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX.
OSSTMM guru Pete Herzog released today an interesting guide on social engineering assessments.
OWASP is happy to announce the first release of OWASP Pantera - Web
Assessment Studio. Pantera is a mix between a pentest proxy, an application
scanner, and an intelligent analysis framework. Pantera’s goal is to leave
the analysis and automatic (repetitive) stuff to the engine, leaving only
the important decisions to the security expert.
Great tool!
OWASP Pantera Web […]
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source.
OWASP has released the Security Testing Guide v2. At 270 pages, this guide is already a must-have for most developers and penetration/application testers, but we want to take it one step […]
An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
A good framework is a great resource for any pentester.
Here are some of the best I found:
The mindmap written by Toggmeister (a.k.a. Kev Orrey) & Lee J Lawson http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
OISSG http://www.oissg.org/
OSSTMM http://www.isecom.org/osstmm/
OWASP http://www.owasp.org