Your results:
You are Iron Man
Inventor. Businessman. Genius.
Click here to take the Superhero Personality Test
August 24, 2007
Which superhero are you?
I had to take the test. I cant help it. I was really curious on the outcome. hehehehehhehe. The Iron Man? hmmm.. not bad!
Your results:
You are Iron Man
Inventor. Businessman. Genius.
Click here to take the Superhero Personality Test
Your results:
You are Iron Man
Inventor. Businessman. Genius.
Click here to take the Superhero Personality Test
August 8, 2007
Google Hacking for Penetration Testers ebook
Understanding the adversary mindset is an important element in designing and developing effective protective strategies."—Amit Yoran, Former Director of the National Cyber Security Division, Department of Homeland SecurityI found this rapidshare link while surfing the net, I think the book is quite informative. Anyways, here is the link:
"...Google Hacking exposes those with their pants down, so the whole Internet can see their skivvies."—Adrian Lamo, Special Project Editor, The American River Current
"This Book Rocks!"—Roelof Temmingh, Technical Director, SensePost (Creators of the Wikto Web Assessment Tool)
"You can use Google for something other than hacking? I only use Google for finding vulnerable servers."—Tim Mullen, CIO, AnchorIS.com
Explore the Dark Side of Googling
* Morph Google from “Directory Assistance Please” into a Rig Mounted Pneumatic Rock Drill
* See How Bad Guys Use Portscans, CGI Scans, and Web Server Fingerprinting to Stroll in the Back Door of Your Enterprise
* Slam the Door on Malicious Google Hacks That Expose Your Organization’s Information Caches, Firewalls, IDS Logs, and Password Databases
Can you guard against Google Hacking? Google’s advanced search capabilities are being used on an increasing basis by some to harvest information from the Web. Sensitive documents, stolen credit card information, even servers behind corporate firewalls can be found using Google searches.
Are you the type of person who needs to know how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more – all without sending a single packet to the target! Then Google Hacking for Penetration Testers is for you. By reverse engineering the techniques of malicious "Google hackers," this book shows security practitioners how to properly protect their servers from this often overlooked and dangerous form of information leakage.
Contents of this Book
Google Searching Basics
Advanced Operators
Google Hacking Basics
Network Mapping
Locating Exploits and Finding Targets
Ten Simple Security Searches That Work
Tracking Down Web Servers, Login Portals, and Network Hardware
Usernames, Passwords, and Secret Stuff, Oh My!
Document Grinding and Database Digging
Protecting Yourself from Google Hackers
Automating Google Searches
Professional Security Testing
An Introduction to Web Application Security
Are You Safe? Learn the Queries that Hackers Use:
filetype:lit lit (books|ebooks) Online unprotected e-books!
inurl:root.asp?acs=anon Outlook Web Access Public Folders and the Exchange Address Books!
intitle:"Live View / - AXIS" | inurl:view/view.sht Axis Netcams Live View!
inurl:"ViewerFrame?Mode=" Live Panasonic Network Cameras!
SNC-RZ30 HOME Live Sony NC RZ30 web cameras!
intitle:"toshiba network camera - User Login" Live Toshiba network cameras!
aboutprinter.shtml Xerox printers on the web!
index.of.dcim Digital Camera Photo Dumps!
and hundreds more!
Johnny Long has spoken on network security and Google hacking at several computer security conferences around the world including SANS, Defcon, and the Black Hat Briefings. During his recent career with Computer Sciences Corporation (CSC), a leading global IT services company, he has performed active network and physical security assessments for hundreds of government and commercial clients. His website, currently the Internet's largest repository of Google hacking techniques, can be found at http://johnny.ihackstuff.com
Source: http://www.syngress.com/catalog/?pid=3150
http://rapidshare.com/files/47026629/Google_Hacking_for_Penetration_Testers.exe
Yep. its ".exe" file and inside it is the ".pdf" file. NOD32 didnt detect anything. Probably this link will be dead in a few weeks or once detected for copyright issues or something.
PuTTY for Symbian OS
PuTTY is a free SSH client developed by Simon Tatham and others. This page contains a port to the Symbian OS, with support for S60, Series 80 Communicators, and Nokia 7710. All Nokia devices based on Symbian OS and all S60 devices by all manufacturers are supported. Separate UIQs are available from Robert Horvath and MobilEyes AB for UIQ 1 and 2, and from Taneli Leppä for UIQ 3.More info at: http://s2putty.sourceforge.net/
I think this is one of coolest mobile application available for free in the internet.
Trinux - Under active Development again
What is Trinux?
I'v been waiting for this for a while and finally its on active development again..talk about portable old school command line pentesting.. ^_^
For a list of included tools, http://www.threatmind.net/secwiki/UbuntuTrinux/CoreTools
Trinux was a ramdisk-based Linux distribution that boots from a single floppy or CD-ROM, loads it packages from an HTTP/FTP server, a FAT/NTFS/ISO filesystem, or additional floppies. Trinux contains the latest versions of popular Open Source network security tools for port scanning, packet sniffing, vulnerability scanning, sniffer detection, packet construction, active/passive OS fingerprinting, network monitoring, session-hijacking, backup/recovery, computer forensics, intrusion detection, and more. Trinux also provides support for Perl, PHP, and Python scripting languages. Remote Trinux boxes can be managed securely with OpenSSH.More info at: http://trinux.sourceforge.net/legacy/
Trinux gives you the power of Linux security tools without requiring a full-blown Linux install or the need to download, compile, install, and update a complete suite of security tools that are typically not found in mainstream distributions.
This project is now under active development again! See ubuntutrinux page over on Google Code for more information. Development snapshots (meaning 10MB .iso's built on Linux 2.6.20.7 and Busybox 1.4.2) are also available at http://www.threatmind.net/ubuntutrinux.More info at: http://code.google.com/p/ubuntutrinux/
Trinux: A Linux Security Toolkit was a ramdisk-based Linux distribution that was under active development from 1998-2003. This new project (i.e. ubuntutrinux) seeks to integrate elements (and code, where appropriate) of Trinux with the Debian/Ubuntu mkinitramfs infrastructure to allow easy development and packaging Ubuntu binary (and ultimately package and repository) compatible ramdisk distributions using recent 2.6.x kernels. As before, the most common use is network security monitoring and analysis. See this blog entry for more on philosophy and design principles.
Although there might be some overlap in the tools available, this project does not seek to provide a pen-testing distro along the lines of Backtrack or Knoppix-STD . If you are looking for a platform to run Nessus or Metasploit I encourage you to look elsewhere.
I'v been waiting for this for a while and finally its on active development again..talk about portable old school command line pentesting.. ^_^
For a list of included tools, http://www.threatmind.net/secwiki/UbuntuTrinux/CoreTools
Subscribe to:
Posts (Atom)
