L0PHT AUDIT PENTEST PEN TEST |
| 2009-05-31 | Tony Carothers | L0phtcrack is Back! |
L0PHT |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
AUDIT |
| 2020-02-16/a> | Guy Bruneau | SOAR or not to SOAR? |
| 2017-09-11/a> | Russ McRee | Windows Auditing with WINspect |
| 2016-11-25/a> | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-05-18/a> | Russ McRee | Resources: Windows Auditing & Monitoring, Linux 2FA |
| 2016-02-26/a> | Xavier Mertens | Quick Audit of *NIX Systems |
| 2015-03-07/a> | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
| 2014-09-27/a> | Guy Bruneau | What has Bash and Heartbleed Taught Us? |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-02-14/a> | Bojan Zdrnja | Auditd is your friend |
| 2012-09-05/a> | Rob VandenBrink | Auditing a Network for VOIP Call Quality Metrics |
| 2010-04-06/a> | Daniel Wesemann | Application Logs |
| 2009-08-19/a> | Daniel Wesemann | Checking your protection |
| 2009-08-16/a> | Mari Nichols | Surviving a third party onsite audit |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2008-03-30/a> | Mark Hofman | Mail Anyone? |
PENTEST |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
PEN |
| 2024-08-22/a> | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
| 2023-02-25/a> | Didier Stevens | Crypto Inside a Browser |
| 2022-11-02/a> | Rob VandenBrink | Breakpoints in Burp |
| 2022-06-20/a> | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why? |
| 2022-03-03/a> | Johannes Ullrich | Attackers Search For Exposed "LuCI" Folders: Help me understand this attack |
| 2021-06-18/a> | Daniel Wesemann | Open redirects ... and why Phishers love them |
| 2021-05-14/a> | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
| 2020-08-10/a> | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-05-15/a> | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-03-15/a> | Guy Bruneau | VPN Access and Activity Monitoring |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-10-22/a> | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers |
| 2019-08-28/a> | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-05-16/a> | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-04-26/a> | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-01/a> | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice |
| 2018-11-27/a> | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-10-26/a> | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-06-07/a> | Remco Verhoef | Automated twitter loot collection |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2017-11-25/a> | Guy Bruneau | Benefits associated with the use of Open Source Software |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2016-11-25/a> | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-04/a> | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-07-28/a> | Bojan Zdrnja | Verifying SSL/TLS certificates manually |
| 2016-05-03/a> | Rick Wanner | OpenSSL Updates |
| 2016-02-27/a> | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release |
| 2016-02-22/a> | Xavier Mertens | Reducing False Positives with Open Data Sources |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2016-01-31/a> | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-12-23/a> | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down! |
| 2015-11-22/a> | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-08-06/a> | Chris Mohan | OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-06-12/a> | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-06-05/a> | Johannes Ullrich | Critical OpenSSL Patch Available. Patch Now! |
| 2014-06-05/a> | Johannes Ullrich | Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445 |
| 2014-06-05/a> | Johannes Ullrich | More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution) |
| 2014-06-05/a> | Johannes Ullrich | Updated OpenSSL Patch Presentation |
| 2014-04-26/a> | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative |
| 2014-04-21/a> | Daniel Wesemann | OpenSSL Rampage |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-04-15/a> | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html |
| 2014-04-14/a> | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2014-04-11/a> | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135 |
| 2014-04-08/a> | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-04-08/a> | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability |
| 2014-01-02/a> | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor |
| 2013-12-29/a> | Russ McRee | OpenSSL suffers apparent defacement |
| 2013-10-22/a> | Richard Porter | Greenbone and OpenVAS Scanner |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-05-20/a> | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-02-11/a> | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/ |
| 2012-12-06/a> | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2012-07-21/a> | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-05-01/a> | Rob VandenBrink | Are Open SSIDs in decline? |
| 2012-04-24/a> | Russ McRee | OpenSSL reissues fix for ASN1 BIO vulnerability |
| 2012-04-19/a> | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110 |
| 2012-03-12/a> | Guy Bruneau | OpenSSL Security Update |
| 2012-01-07/a> | Scott Fendley | Updated OpenDLP |
| 2011-11-07/a> | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2011-05-09/a> | Rick Wanner | Serious flaw in OpenID |
| 2011-05-09/a> | Rick Wanner | VUPEN Security pwns Google Chrome |
| 2011-04-18/a> | John Bambenek | Wordpress.com Security Breach |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-01-28/a> | Guy Bruneau | OpenOffice Security Fixes |
| 2010-12-15/a> | Johannes Ullrich | OpenBSD IPSec "Backdoor" |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-11-16/a> | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition |
| 2010-09-16/a> | Johannes Ullrich | OpenX Ad-Server Vulnerability |
| 2010-08-23/a> | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-16/a> | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05/a> | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities |
| 2010-06-02/a> | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
| 2010-04-25/a> | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl |
| 2010-04-13/a> | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-29/a> | Adrien de Beaupre | OpenSSL V 1.0.0 released! |
| 2010-02-26/a> | Rick Wanner | OpenSSL 0.9.8m released. |
| 2010-02-22/a> | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2010-01-19/a> | Jim Clausing | Apple Security Update 2010-001 |
| 2009-11-17/a> | Guy Bruneau | OpenVPN Fixed OpenSSL Session Renegotiation Issue |
| 2009-11-06/a> | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l |
| 2009-10-26/a> | Johannes Ullrich | Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu |
| 2009-10-02/a> | Stephen Hall | New version of OpenSSH released |
| 2009-07-27/a> | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-07-09/a> | Bojan Zdrnja | OpenSSH 0day FUD |
| 2009-07-07/a> | Marcus Sachs | OpenSSH Rumors |
| 2009-07-03/a> | Adrien de Beaupre | Happy 4th of July! |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2009-05-01/a> | Adrien de Beaupre | OpenBSD 4.5 |
| 2009-04-26/a> | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS |
| 2009-04-21/a> | Bojan Zdrnja | Web application vulnerabilities |
| 2009-01-08/a> | Kyle Haugsness | BIND OpenSSL follow-up |
| 2008-09-20/a> | Rick Wanner | New (to me) nmap Features |
| 2008-06-09/a> | Scott Fendley | So Where Are Those OpenSSH Key-based Attacks? |
| 2008-05-16/a> | Daniel Wesemann | INFOcon back to green |
| 2008-05-15/a> | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW |
| 2008-05-15/a> | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-13/a> | Swa Frantzen | OpenSSH: Predictable PRNG in debian and ubuntu Linux |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-09-13/a> | Swa Frantzen | PHP - shared hosters, take note. |
TEST |
| 2023-09-29/a> | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2020-08-10/a> | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-06-05/a> | Johannes Ullrich | Cyber Security for Protests |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-10-22/a> | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers |
| 2019-07-23/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1) |
| 2019-04-26/a> | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2018-12-16/a> | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
| 2018-07-02/a> | Guy Bruneau | Hello Peppa! - PHP Scans |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-05-13/a> | Guy Bruneau | Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/ |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-04/a> | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-04-03/a> | Bojan Zdrnja | Watching the watchers |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2012-03-09/a> | Guy Bruneau | Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2011-01-24/a> | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-08-23/a> | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-16/a> | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-04-13/a> | Adrien de Beaupre | Web App Testing Tools |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-07-27/a> | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2009-04-21/a> | Bojan Zdrnja | Web application vulnerabilities |
| 2008-11-17/a> | Jim Clausing | A new cheat sheet and a contest |
| 2008-09-20/a> | Rick Wanner | New (to me) nmap Features |
