MSFXDC (MetaSploit Framework eXploits Development Contest) is a challenge where the main goal is to code the largest number of new Metasploit Framework exploits modules. MSFXDC is organized by JA-PSI.

continue reading.....

SEaCURE.IT is the first international technical conference ever held in Italy on security related topics, aimed at bringing together the leading experts from all over the world, to create a unique setting for networking and discussion among the speakers and the attendees. The 2009 edition will be held from May 19th to the 22nd in Villasimius, Sardinia.

continue reading.....

Presentation called Hacking Malware - Offense is the new Defense.

continue reading.....

Presentation called Further Down the VM Spiral.

continue reading.....

Whitepaper called Inside the Malicious World of Blog Comment Spam.

continue reading.....

uCon will be held February 28, 2009, three days after the best street carnival in the world, in Recife, Brazil. It aims to bring together academics, hackers and information security enthusiasts from all over the country to share cutting-edge ideas and thoughts about their latest developments and techniques in the field.

continue reading.....

MD5 Considered Harmful Today - Creating A Rogue CA Certificate. The authors of this paper have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept they executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows them to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

continue reading.....

w3af User Guide written in French.

continue reading.....

The Clickjacking Meets XSS: A State Of Art.

continue reading.....

This paper provides a wide range of methods for testing possible cross site scripting vulnerabilities on web applications.

continue reading.....

Simple SSH brute forcing utility. Written in Expect.

continue reading.....

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

continue reading.....

Brief login form password theft tutorial showing how to backdoor php code once access has been gained to a system in order to not have to crack hashes.

continue reading.....

Write up discussing denial of service attacks on MIME-capable software via complex MIME emails.

continue reading.....

Hacked version of script that logs everything typed to /tmp/.x11sock. Based heavily on script.c.

continue reading.....

This paper’s purpose is to explain the often misunderstood nature of raw sockets. The driving force of writing this text was the curiosity of the author to learn the ins and outs of this powerful socket type also known as SOCK_RAW. What is going to be discussed here will *not* be another tutorial on how to hand-craft one’s own packets. This topic has been overly discussed many times and one can find quite a few references on the net about it (mixter etc). What is going to be discussed here is what raw sockets do behind the scenes.

continue reading.....

Locating Stateless Firewalls focuses on methods to discern between stateful and stateless firewalls. It discusses about how stateless firewalls can be further exploited due to possible misconfigurations and the result of RFC ambiguities.

continue reading.....

Hacking Bash History discusses about why the history mechanism of bash cannot be used as a monitoring/logging facility even with the strictest measures applied to secure it. A section of the text is dedicated to hacking the bash source code to interface it with syslog.

continue reading.....

Whitepaper discussing the ins and outs of SQL injection vulnerabilities and exploitation.

continue reading.....

84 bytes of shellcode for Linux/AMD64 that executes /sbin/iptables -F.

continue reading.....

Whitepaper entitled Frame Pointer Overwrite Demonstration [LINUX].

continue reading.....

Whitepaper entitled Format String Exploitation Demonstration [LINUX].

continue reading.....

An implementation of the A5/1 cipher written in PHP. A5/1 is the current encryption cipher used in Telstra GSM phones.

continue reading.....

An implementation of the A5/1 cipher written in C#. A5/1 is the current encryption cipher used in Telstra GSM phones.

continue reading.....

CanSecWest 2009 Call For Papers - The tenth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get together share best practices and technology - will be held in downtown Vancouver at the the Sheraton Wall Centre on March 18-20, 2009.

continue reading.....

24 bytes Linux/x86 execve(/bin/sh,0,0) shellcode without NULLs.

continue reading.....

This is an open source TCP/IP library with asynchronous BlowFish and SSL support.

continue reading.....

Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.

continue reading.....

Brief whitepaper discussing stack overflow exploit on Linux.

continue reading.....

Brief whitepaper discussing return to LIBC exploitation on Linux.

continue reading.....