My Security Planet » BindShell.Net

Feeds

5395 items (0 unread) in 69 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

WebSecurity

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security

Security

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• :: extra ::
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord

SEO

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

Tools

• Opensourcetesting.org News

BindShell.Net

• 

  PHP reverse shell

  Posted: January 9th, 2008, 12:14am CST

  Tags:  Events   [edit]

  Pentestmonkey has a great tool called php-reverse-shell. It is for elevation from web server (PHP) upload access to a reverse bindshell. The script will open an outbound TCP connection from the webserver to a host and port of your choice.
• 

  BeEF in BackTrack3

  Posted: November 6th, 2007, 9:42am CST

  Tags:    [edit]

  Josh Abraham has added BeEF to BackTrack3. He has also created a tutorial with some of the basic functionality.
• 

  New password cracking tool Dnetj and updates to John The Ripper MPI

  Posted: August 8th, 2007, 5:51pm CDT

  Tags:    [edit]

  For those people wanting to crack password hashes, there is a minor update (john-1.7.2-mpi5) to the MPI cluster patch for John The Ripper available Here as well as a completely new tool called Dnetj which is available Here Dnetj is a client/server wrapper around John The Ripper that allows the use of a central server and any number of cracking nodes, in much the same way setiathome or distributed.net works. The server loads a set of password hashes, and splits the available keyspace into "work units" of a configurable size. The clients connect and retrieve the hashes, as well as a set of work units to process. Once a client has processed some work units, it connects back to the server to submit the completed units as well as any passwords which have been cracked. This is a very early release, and although functional there could well be bugs.
• 

  BeEF 0.3.2 Released

  Posted: July 19th, 2007, 7:55am CDT

  Tags:    [edit]

  Version 0.3.2 of BeEF has been released.
• 

  John MPI Updated

  Posted: April 20th, 2007, 10:40pm CDT

  Tags:    [edit]

  A new version of John The Ripper MPI (mpi4) is now available in the tools section... This version includes: Support for MacOSX/Intel, this support requires SSE2, as does MacOS itself. Support for runtime status updates (send a SIGHUP to the running john processes). Several minor bugfixes
• 

  Inter-protocol Exploitation and Communication papers

  Posted: April 19th, 2007, 2:04pm CDT

  Tags:    [edit]

  Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol. An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.
• 

  BeEF 0.3.1.6 Released

  Posted: March 19th, 2007, 10:16am CDT

  Tags:    [edit]

  The new version of BeEF has been released. BeEF 0.3.1.6 has new modules employing cutting edge exploitation techiques. It is the first framework/tool that can perform Inter-Protocol Communication and Inter-Protocol Exploitation. It can reach behind hardened firewalls and IDSs to launch ported exploits at arbitrary servers.
• 

  Konqueror DoS Via JavaScript Read Of FTP Iframe

  Posted: March 4th, 2007, 7:48pm CST

  Tags:    [edit]

  This Konqueror crash is a spin-off finding from the FTP PASV paper.
• 

  Manipulating FTP Clients Using The PASV Command Paper

  Posted: March 4th, 2007, 7:46pm CST

  Tags:    [edit]

  A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemly small vulnerability has some interesting consequences for web browser security. This paper discusses how the flaw affects Firefox, Opera and Konqueror.
• 

  Advanced Cross-site Scipting Virus Paper

  Posted: January 30th, 2007, 11:34am CST

  Tags:    [edit]

  This paper explores the real potential of the web being infected with a cross-site scripting virus that autonomously searches for, and employs, new vulnerabilities for propagation.