Notification : stratégie - filtrage des URL [0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Development just moved to a public github repository: There is a new section below for online tutorials. Read below for Linux compilation notes. CHANGELOG for 8.3 =================== ! (1) Target selection 'Asleap - Cisco Attack Tool ' - SecuriTeam Published on April 8th, 2004 Details ‘In August 2003, Joshua wrote a tool called asleap for Linux systems to exploit a weakness in the Cisco LEAP authentication protocol. Using this tool, an attacker can actively compromise Cisco LEAP networks by mounting an offline dictionary attack against weak user passwords. In his testing, Joshua was able to search through large dictionary files very quickly for user passwords (~45 million passwords per second on meager hardware). A quick summary of asleap features are as follows: + Can read live from any wireless interface in RFMON mode with libpcap. + Can monitor a single channel, or perform channel hopping to look for target networks running LEAP. + Will actively de-authenticate users on LEAP networks, forcing them to re-authenticate. + Will only de-authenticate users who have not already been seen, doesn’t waste time on users who are not running LEAP. + Can read from stored libpcap files, or AiroPeek NX files (1.X or 2.X files).
The Penetration Testing Execution Standard Why Every Language Needs Its Underscore - Hackflow (This is an adaptation of a talk I gave at PyCon and DevDay. Slides and video are available in russian) Do you know what underscore is? In its most general it’s a JavaScript library that makes life better. The problem To answer this question we should look at problems this kind of libraries solve. A piece of entangled code This messy piece of code was taken from a real project and slightly simplified: There are several things entangled in here, but my point is that this could be written much shorter: If it seems hard at first, then it’s okay. Dirty dictionary But let’s go on and clean some dirty dictionary: Here we go through dictionary and clean its values by coercing them to int. And it’s entirely possible with funcy. Pairwise iteration This code checks if a sequence is ascending: Ah, iterating over a sequence and keeping track of a previous element. And pairwise does exactly that. All these examples have one common property — red variants have more code. Extracting abstractions Wrap-up P.S.
Security Docs Software >> sslstrip This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below. Requirements Python >= 2.5 (apt-get install python) The python "twisted-web" module (apt-get install python-twisted-web) Setup tar zxvf sslstrip-0.9.tar.gz cd sslstrip-0.9 (optional) sudo python . Running sslstrip That should do it. How does this work? First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. At this point, sslstrip receives the traffic and does its magic. Development The current development branch can be found on github.
Top Endpoint Detection & Response (EDR) Solutions for 2021 Check Point Software SandBlast Key takeaway: A good match for companies of all sizes seeking strong endpoint security at a good price point, particularly those who want their EDR solution to do some of the work for them. Check Point’s SandBlast offering was tied for second overall on the strength of its top-notch security and support at a good price. It received the highest score in Ease of Use and came in second in Management, and its automated response capability is also good, making it a strong candidate for smaller companies or those with less sophisticated security teams. In NSS Labs testing, SandBlast handled everything thrown at it, with the sole exception of targeted (hand-crafted) attacks, where it stopped 40%. It offers full-featured management, although users report some challenges with implementation. Check Point Ratings Pros: Automated responseEase of use and managementFull-featured at reasonable cost Cons: Custom rules missingSome implementation challenges reported SentinelOne
STIGs Home The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. Questions or comments?Please contact DISA STIG Customer Support Desk: disa.stig_spt@mail.mil
Anti-Patterns in Python Programming - Constantine Lignos This page is a collection of the most unfortunate but occasionally subtle issues I've seen in code written by students new to writing Python. It's written to help students get past the phase of writing ugly Python code and understand some of the most common idioms. The simplifications employed (for example, ignoring generators and the power of itertools when talking about iteration) reflect its intended audience. There are always reasons to use some of these anti-patterns, which I've tried to give those where possible, but in general using these anti-patterns makes for less readable, more buggy, and less Pythonic code. If you have comments or wish to use this work in way other than what the license allows, feel free to get in touch with me by e-mail. The use of range Programmers that are new to Python love using range to perform simple iteration by applying it over the length of an iterable and then getting each element: for i in range(len(alist)): print alist[i] Why do this? Loops