Category: General Security
06/23/10
Application Whitelisting and MS Authenticode
F-Secure has recently reported of "…tens of thousands of malware samples that have been signed (with MS Authenticode)."MS Authenticode uses digital signatures (code signing) to authenticate software and inform the user of the fact that the software w… more »
06/14/10
Extend MetaSploit Meterpreter Ruby to Allow Direct Windows API Calls (Railgun)
An interesting MetaSploit extension was recently posted to the MetaSploit mailing list. Railgun is an extension that allows for direct access to the Windows API (any existing or uploaded DLL on the target system) through Meterpreter. Railgun knows arou… more »
05/19/10
MetaSploit Releases "MetaSploitable" Vulnerable Pen-Testing Image
A common question in the security world is "what do you recommend for a pen-testing lab?" This question is typically followed by another question (at least when I'm asked): What specifically are you interested in - web application security (SQL injecti… more »
05/17/10
"If Interested" - Latest Email (419) Scam
It's Monday, and this one was just too funny not to post.
My favorite line is: "In order to become our financial manager for cooperation with private individuals You ARE NOT OBLIGED TO HAVE ANY HIGHER OR PROFESSIONAL EDUCATION."
--Complete Email Be… more »
04/20/10
OWASP Top 10 for 2010 Released
The OWASP has released its Top 10 for 2010 document which can be found here.
As published on their site, the top 10 Risks are:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Ob… more »
XML Feeds©2010 by Priveon, Inc.