Rootkits & Web Application Security

May 4, 2009 | Networking Security

Hi All,

I’ve compiled a list of interesting articles and tools you might want to check out. I’ve added some web application testing software as well as dictionary files and pen testing tools.

Web Application Security

Dissecting Web Attacks

http://www.blackhat.com/presentations/bh-dc-09/ValSmith/BlackHat-DC-09-valsmith-colin-Dissecting-Web-Attacks.pdf

http://www.blackhat.com/presentations/bh-dc-09/ValSmith/BlackHat-DC-09-valsmith-colin-Web-Attack-Disection-slides.pdf

New Techniques for Defeating SSL/TLS

https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov

http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

XSS Anonymous Browser

http://www.blackhat.com/presentations/bh-dc-09/Flick/BlackHat-DC-09-Flick-XAB_Slides.pdf

http://www.blackhat.com/presentations/bh-dc-09/Flick/BlackHat-DC-09-Flick-XAB-wp.pdf

OWASP Linux Distro & Virtual Machine:

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

OWASP Running An ISO In VMware

http://securitydistro.com/video-tutorials/53/Running-an-ISO-on-VMware.php

Acunetix WVS

http://www.acunetix.com/

WebScarab

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

SPIKE Proxy : HTTP Hacking

http://www.immunitysec.com/resources-freesoftware.shtml

Rootkits + Pentesting

http://sectools.org/crackers.html

http://www.offensive-security.com/cons/shmoo2008/muts_at_shmoo.html

Fast-Track

http://www.thepentest.com/

http://www.shmoocon.org/slides/DKENNEDY_FastTrack_ShmooCon_2009.pdf

Wordlists/Dictionary Files:

http://www.outpost9.com/files/WordLists.html

ftp://ftp.ox.ac.uk/pub/wordlists/
ftp://ftp.mirrorgeek.com/openwall/wordlists

Alice in User-Land: Hijacking the Linux Kernel via /dev/mem

http://www.blackhat.com/presentations/bh-europe-09/Lineberry/BlackHat-Europe-2009-Lineberry-code-injection-via-dev-mem-slides.pdf

.NET Framework Rootkits: Backdoors Inside Your Framework

http://www.blackhat.com/presentations/bh-europe-09/Metula/BlackHat-Europe-2009-Metula-NET-Framework-rootkits-whitepaper.pdf

iRK – Crafting OS X Kernel Rootkits

https://www.blackhat.com/presentations/bh-usa-08/D’Auganno/D’Auganno_Extras.zip

https://www.blackhat.com/presentations/bh-usa-08/D’Auganno/BH_US_08_DAuganno_iRK_OS_X_Rootkits.pdf

A New Breed of Rootkit: The System Management Mode (SMM) Rootkit

https://www.blackhat.com/presentations/bh-usa-08/Embleton_Sparks/BH_US_08_Embleton_Sparks_SMM_Rootkits_Slides.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Embleton/black-hat-usa-08-embleton-smmrootkit-hires.m4v

Nmap: Scanning the Internet

https://www.blackhat.com/presentations/bh-usa-08/Vaskovich/BH_US_08_Vaskovich_Nmap_Scanning_the_Internet.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Fyodor/black-hat-usa-08-fyodor-nmap.m4v

Meet The Owner Of a Real Hacked Company – Forensic Investigation

https://www.blackhat.com/presentations/bh-usa-08/Shelhart/BH_US_08_Trustwave_Presentation_Shelhart_Meet_Owner.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Shelhart/black-hat-usa-08-shelhart-hackedcompany-hires.m4v

Dan Kaminsky
Weaponizing Noam Chomsky, or Hacking with Pattern Language

http://www.shmoocon.org/2007/videos/Weaponizing%20Noam%20Chomsky,%20or%20Hacking%20with%20Pattern%20Languages%20-%20Dan%20Kaminsky.mp4
