BlackHat USA 2012 July 21, 2012 to July 26, 2012, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
ROUND 1: WEB APPLICATION SECURITY Nathan Hamiel N/A Security
ROUND 2: MOBILITY Vincenzo Iozzo w Security
ROUND 3: EMERGING THREATS Shawn Moyer N/A Security
CHANGING THE SECURITY PARADIGM....TAKING BACK YOUR NETWORK AND BRINGING PAIN TO THE ADVERSARY Shawn Henry The threat to our networks is increasing at an unprecedented rate. The hostile environment we ... Security
AN INTERVIEW WITH NEAL STEPHENSON Neal Stephenson "Black Hat USA 2012 is proud to welcome one of the world's foremost Historical and ... Security
A SCIENTIFIC (BUT NON ACADEMIC) STUDY OF HOW MALWARE EMPLOYS ANTI-DEBUGGING, ANTI-DISASSEMBLY AND ANTI-VIRTUALIZATION TECHNOLOGIES Rodrigo Rubira Branco "Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples ... Malware Statistics ExcludeThinkstScapes Static Analysis Counter Measures Survey
A stitch in time saves nine: a case of multiple operating system vulnerability Rafal Wojtczuk Six years ago Linux kernel developers fixed a vulnerability that was caused by using the ... IncludeThinkstScapes Processor Flaw Multiple Platforms
Advanced ARM exploitation Stephen Ridley , Stephen Lawler "Hardware Hacking" is all the rage. Early last year (2011) we at DontStuffBeansUpYourNose.com debuted a ... Exploitation IncludeThinkstScapes ARM
ADVENTURES IN BOUNCERLAND Nicholas J. Percoco , Sean Schulte Meet <REDACTED>*. He is a single function app that wanted to be much more. He ... Malware ExcludeThinkstScapes Bouncer Mobile Security Google Play Store
AMF TESTING MADE EASY! Luca Carettoni Since its introduction in 2002, Action Message Format (AMF) has attracted the interest of developers ... Fuzzing ExcludeThinkstScapes AMF
ARE YOU MY TYPE? - BREAKING .NET SANDBOXES THROUGH SERIALIZATION James Forshaw "In May, Microsoft issued a security update for .NET due to a number of serious ... ExcludeThinkstScapes Serialization .NET
BLENDED THREATS AND JAVASCRIPT: A PLAN FOR PERMANENT NETWORK COMPROMISE Josh ( savant ) Brashars , Phil Purviance During Black Hat 2006, it was shown how common Web browser attacks could be leveraged ... Exploitation ExcludeThinkstScapes Cross Site Request Forgery
BLACK OPS Dan Kaminsky "If there's one thing we know, it's that we're doing it wrong. Sacred cows make ... Security
CATCHING INSIDER DATA THEFT WITH STOCHASTIC FORENSICS Jonathan Grier "A stochastic process is, by definition, something unpredictable, but unpredictable in a precise way. Think ... Computer Forensics ExcludeThinkstScapes
Clonewise - automated package clone detection Silvio Cesare "Developers sometimes statically link libraries from other projects, maintain an internal copy of other software ... IncludeThinkstScapes Static Analysis Clonewise Classification
CONFESSIONS OF A WAF DEVELOPER: PROTOCOL-LEVEL EVASION OF WEB APPLICATION FIREWALLS Ivan Ristic "Most discussions of WAF evasion focus on bypassing detection via attack payload obfuscation. These techniques ... Exploitation Web Application Firewall
CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME) Tadayoshi Kohno , Adam Shostack , Tamara Denning You and your fellow players work for Hackers, Inc.: a small, elite computer security company ... ExcludeThinkstScapes Security Games
DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS Loukas K The EFI firmware used in Intel Macs and other modern systems presents some interesting possibilities ... Exploitation ExcludeThinkstScapes EFI Mac OS
DEX EDUCATION: PRACTICING SAFE DEX Timothy Strazzere "In an ecosystem full of potentially malicious apps, you need to be careful about the ... Security
DIGGING DEEP INTO THE FLASH SANDBOXES Paul Vincent Sabanal , Mark Vincent Yason "Lately we have seen how sandboxing technology is positively altering the software security landscape. From ... Deep Knowledge ExcludeThinkstScapes Flash Architecture
Don't stand so close to me: an analysis of the NFC attack surface Charlie Miller Near Field Communication (NFC) has been used in mobile devices in some countries for a ... Attack IncludeThinkstScapes NFC
EASY LOCAL WINDOWS KERNEL EXPLOITATION Cesar Cerrudo For some common local Kernel vulnerabilities there is no general, multi-version and reliable way to ... Exploitation ExcludeThinkstScapes Kernel Windows
ERRATA HITS PUBERTY: 13 YEARS OF CHAGRIN Jericho The attrition.org Errata project has documented the shortcomings, hypocrisy, and disgraces of the information technology ... ExcludeThinkstScapes Industry News
EXCHANGING DEMANDS Peter Hannay Smart phones and other portable devices are increasingly used with Microsoft Exchange to allow people ... Mobile Security ExcludeThinkstScapes
Exploit mitigation improvements in Win 8 Matt Miller , Ken Johnson "Over the past decade, Microsoft has added security features to the Windows platform that help ... IncludeThinkstScapes Defence Windows 8 Mitigations
EXPLOITATION OF WINDOWS 8 METRO STYLE APPS Sung-ting Tsai , Ming-chieh Pan "Windows 8 introduces lots of security improvements, one of the most interesting feature is the ... Exploitation ExcludeThinkstScapes Windows 8 AppContainer Sandbox
EXPLOITING THE JEMALLOC MEMORY ALLOCATOR: OWNING FIREFOX'S HEAP Chariton Karamitas , Patroklos Argyroudis "jemalloc is a userland memory allocator that is being increasingly adopted by software projects as ... ExcludeThinkstScapes Attack Heap Overflows Jemalloc
FILE DISINFECTION FRAMEWORK: STRIKING BACK AT POLYMORPHIC VIRUSES Mario Vuksan , Tomislav Pericin "Invincibility lies in the defense; the possibility of victory in the attack." Sun Tzu Polymorphic ... Deep Knowledge ExcludeThinkstScapes Anti-Virus
FIND ME IN YOUR DATABASE: AN EXAMINATION OF INDEX SECURITY David Litchfield "This talk will look at the Oracle indexing architecture and examine some new flaws, with ... Security
Flowers for automated malware analysis Paul Royal , Chengyu Song "Malware, as the centerpiece of threats to the Internet, has increased exponentially. To handle the ... Malware IncludeThinkstScapes Counter Measures
From the Iriscode to the Iris: a new vulnerability of Iris recognition systems Javier Galbally A binary iriscode is a very compact representation of an iris image, and, for a ... Exploitation IncludeThinkstScapes Biometrics Iris Genetic Algorithm
GHOST IS IN THE AIR(TRAFFIC) Andrei Costin Subtitle: On security aspects of ADS-B and other "flying" technology Air-related technologies are on the ... ExcludeThinkstScapes Air Traffic Control
GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX Chris Rohlf "Native Client is Google's attempt at bringing millions of lines of existing C/C++ code to ... ExcludeThinkstScapes Google Chrome Defences Plugins NaCl
HACKING THE CORPORATE MIND: USING SOCIAL ENGINEERING TACTICS TO IMPROVE ORGANIZATIONAL SECURITY ACCEPTANCE James Philput "Network defenders face a wide variety of problems on a daily basis. Unfortunately, the biggest ... Security ExcludeThinkstScapes
HACKING WITH WEBSOCKETS Sergey Shekyan , Vaagn Toukharian "HTML5 isn't just for watching videos on your iPad. Its features may be the target ... WebSockets Exploratory
HARDWARE BACKDOORING IS PRACTICAL Jonathan Brossard This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a ... Security
HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE Ruben Santamarta "PLCs, Smart Meters, SCADA, Industrial Control Systemsnowadays all those terms are well known for the ... Hardware Reverse Engineering ExcludeThinkstScapes Hardware Hacking Embedded
HOOKIN' AIN'T EASY: BEEF INJECTION WITH MITM Ryan Linn , Steve Ocepek Kiddies gotta make the money, and it don\'t come easy when those mean users don\'t ... Exploitation Browser ExcludeThinkstScapes Man-in-the-middle
How many bricks does it take to crack a microcell? Mathew Rowley This is a tale of a journey that tested almost every security related skill I ... IncludeThinkstScapes Hardware Hacking Embedded Microcell
HOW THE ANALYSIS OF ELECTRICAL CURRENT CONSUMPTION OF EMBEDDED SYSTEMS COULD LEAD TO CODE REVERSING? Yann Allain , Julien Moinard A practical approach of Power Analysis dedicated to reverse Engineering This submission presents an experimental ... Reverse Engineering Hardware Reverse Engineering ExcludeThinkstScapes Power Analysis
HTML5 TOP 10 THREATS STEALTH ATTACKS AND SILENT EXPLOITS Shreeraj Shah "HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and ... Security
INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT John Flynn "The field of intrusion detection is a complete failure. Vendor products at best address a ... Security
IOS APPLICATION SECURITY ASSESSMENT AND AUTOMATION: INTRODUCING SIRA Justin Engler , Seth Law , Joshua Dubik , David Vo "Apple's AppStore continues to grow in popularity, and iOS devices continue to have a high ... Testing ExcludeThinkstScapes iOS Static Analysis
IOS KERNEL HEAP ARMAGEDDON REVISITED Stefan Esser "Previous work on kernel heap exploitation for iOS or Mac OS X has only covered ... Security
IOS SECURITY Dallas de Atley Apple designed the iOS platform with security at its core. In this talk, Dallas De ... Security
LEGAL ASPECTS OF CYBERSPACE OPERATIONS Robert Clark This presentation examines the legal regime surrounding cyberspace operations. The analysis looks at the legal ... Security
LOOKING INTO THE EYE OF THE METER Don c. Weber "When you look at a Smart Meter, it practically winks at you. Their Optical Port ... Hardware Reverse Engineering Hardware Hacking Smart Grid
My Arduino can beat up your hotel room lock Cody Brocious "Nearly ten million Onity locks are installed in hotels worldwide, representing 1/3 of hotels and ... Attack IncludeThinkstScapes Hardware Hacking
OWNING BAD GUYS {AND MAFIA} WITH JAVASCRIPT BOTNETS Chema Alonso Man in the middle attacks are still one of the most powerful techniques for owning ... ExcludeThinkstScapes Man-in-the-middle
PINPADPWN Rafael Dominguez Vega , Nils "Pin Pads or Payment Terminals are widely used to accept payments from customers. These devices ...
PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS) George Argyros , Aggelos Kiayias We present a number of novel, practical, techniques for exploiting randomness vulnerabilities in PHP applications. ... ExcludeThinkstScapes Attack PHP Random Functions Entropy
PROBING MOBILE OPERATOR NETWORKS Collin Mulliner Cellular networks do not only host mobile and smart phones but a wide variety of ... Mobile Security ExcludeThinkstScapes Survey Scan
RECENT JAVA EXPLOITATION TRENDS AND MALWARE Jeong wook Oh "We are seeing more and more Java vulnerabilities exploited in the wild. While it might ... Exploitation ExcludeThinkstScapes Java
SCALING UP BASEBAND ATTACKS: MORE (UNEXPECTED) ATTACK SURFACE Ralf-Philipp Weinmann Baseband processors are the components of your mobile phone that communicate with the cellular network. ... Security
Sexydefense - maximizing the home-field advantage Iftach Ian Amit Offensive talks are easy, I know. But the goal of offensive security at the end ... Security IncludeThinkstScapes Defence
SMASHING THE FUTURE FOR FUN AND PROFIT Jennifer Granick , Jeff ( Dark Tangent ) Moss , Adam Shostack , Marcus Ranum , Bruce Schneier "Has it really been 15 years? Time flies when keeping up with Moore's law is ...
SNSCAT: WHAT YOU DON'T KNOW ABOUT SOMETIMES HURTS THE MOST Dan Gunter , Solomon Sonya A vulnerability exists through the use of Social Networking Sites that could allow the exfiltration ... Data Exfiltration Social Media ExcludeThinkstScapes Covert
SQL INJECTION TO MIPS OVERFLOWS: ROOTING SOHO ROUTERS Zachary Cutlip This presentation details an approach by which SQL injection is used to exploit unexposed buffer ... Buffer Overflows Exploitation ExcludeThinkstScapes SQL Injection
SSRF VS. BUSINESS CRITICAL APPLICATIONS Alexander mikhailovich Polyakov , Dmitry Chastuhin "Typical business critical applications have many vulnerabilities because of their complexity, customizable options and lack ... ExcludeThinkstScapes XML SAP Server Side Request Forgery
STATE OF WEB EXPLOIT TOOLKITS Jason Jones Web exploit toolkits have become the most popular method for cybercriminals to compromise hosts and ... Web Exploitation ExcludeThinkstScapes
STILL PASSING THE HASH 15 YEARS LATER? USING THE KEYS TO THE KINGDOM TO ACCESS ALL YOUR DATA Alva Duckwall , Christopher Campbell Kerberos is the cornerstone of Windows domain authentication, but NTLM is still used to accomplish ... ExcludeThinkstScapes Pass The Hash
TARGETED INTRUSION REMEDIATION: LESSONS FROM THE FRONT LINES Jim Aldridge Successfully remediating a targeted, persistent intrusion generally requires a different approach from that applied to ... ExcludeThinkstScapes Defence Advanced Persistent Threat
THE CHRISTOPHER COLUMBUS RULE AND DHS Mark Weatherford "Never fail to distinguish what\'s new, from what\'s new to you." This rule applies to ... Security
THE DEFENSE RESTS: AUTOMATION AND APIS FOR IMPROVING SECURITY David Mortman Want to get better at security? Improve your ops and improve your dev. Most of ... Security
THE INFO LEAK ERA ON SOFTWARE EXPLOITATION Fermin J. Serna Previously, and mainly due to application compatibility. ASLR has not been as effective as it ... Exploitation Information Leaks
THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET Alex Stamos , Tom Ritter In what may be the greatest technical shift the Internet has seen, three of the ... IPv6 ExcludeThinkstScapes DNSSEC GTLDs
TORTURING OPENSSL Valeria Bertacco "For any computing system to be secure, both hardware and software have to be trusted. ... Cryptography ExcludeThinkstScapes OpenSSL Key recovery
TRUST, SECURITY, AND SOCIETY Bruce Schneier "Human societies run on trust. Every day, we all trust millions of people, organizations, and ... Security
WE HAVE YOU BY THE GADGETS Toby Kohlenberg , Mickey Shkatov Why send someone an executable when you can just send them a sidebar gadget? We ... Malware Windows Windows Gadgets
WEB TRACKING FOR YOU Gregory Fleischer There has been a lot of conversation recently around the privacy degrading techniques used by ... Privacy ExcludeThinkstScapes Tracking
WINDOWS PHONE 7 INTERNALS AND EXPLOITABILITY Tsukasa Oi Windows Phone 7 is a modern mobile operating system developed by Microsoft. This operating system ... Exploitation Windows Phone 7
WINDOWS 8 HEAP INTERNALS Chris Valasek , Tarjei Mandt "Windows 8 developer preview was released in September 2011. While many focused on the Metro ... Deep Knowledge Exploitation ExcludeThinkstScapes Windows 8 Heap Overflows
<GHZ OR BUST: BLACKHAT Atlas "Wifi is cool and so is cellular, but the real fun stuff happens below the ... Security
ADVANCED CHROME EXTENSION EXPLOITATION - LEVERAGING API POWERS FOR THE BETTER EVIL Kyle Osborn , Krzysztof Kotowicz Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated ... Exploitation Google Chrome Extensions
CODE REVIEWING WEB APPLICATION FRAMEWORK BASED APPLICATIONS (STRUTS 2, SPRING MVC, RUBY ON RAILS (GROOVY ON GRAILS), .NET MVC) Abraham Kang This workshop will give participants an opportunity to practically review Web Application Framework based applications ... Security
LESSONS OF BINARY ANALYSIS Christien ( Dildog ) Rioux "Ever wanted to know more about how static binary analysis works? It's complicated. Ever want ... ExcludeThinkstScapes Static Analysis
LINUX INTERACTIVE EXPLOIT DEVELOPMENT WITH GDB AND PEDA Long Le "Exploit development requires a lot of interactive works with debugger, automating time consuming tasks will ... Security
MOBILE NETWORK FORENSICS WORKSHOP Eric Fulton "Intentionally or not, your phone leaks data to the world. What can you-- or your ... Security
RUBY FOR PENTESTERS: THE WORKSHOP Cory Scott , Michael Tracy , Timur Duehr "Having a great set of test tools could be the difference between a successful engagement ...
THE DARK ART OF IOS APPLICATION HACKING Jonathan Zdziarski "This talk demonstrates how modern day financial applications, password and credit card managers, and other ... ExcludeThinkstScapes iOS
CUTECATS.EXE AND THE ARAB SPRING Morgan Marquis-boire There has been significant discussion regarding the impact of the internet, social media, and smart ... ExcludeThinkstScapes Activism Politics Client-side
EMBEDDED DEVICE FIRMWARE VULNERABILITY HUNTING USING FRAK Ang Cui We present FRAK**, the firmware reverse analysis konsole. FRAK is a framework for unpacking, analyzing, ... Security
HTEXPLOIT BYPASSING HTACCESS RESTRICTIONS Maximiliano Soler , Matias Katz HTExploit is an open-source tool written in Python that exploits a weakness in the way ...
LIBINJECTION: A C LIBRARY FOR SQLI DETECTION AND GENERATION THROUGH LEXICAL ANALYSIS OF REAL WORLD ATTACKS Nick Galbreath SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts ... ExcludeThinkstScapes Defence SQL Injection
MAPPING AND EVOLUTION OF ANDROID PERMISSIONS Zach Lanier , Andrew Reiter The Android Open Source Project provides a software stack for mobile devices. The provided API ...
MODSECURITY AS UNIVERSAL CROSS-PLATFORM WEB PROTECTION TOOL Greg Wroblewski , Ryan C. Barnett "For many years ModSecurity was a number one free open source web application firewall for ...
PASSIVE BLUETOOTH MONITORING IN SCAPY Ryan Holeman "Recognizing a need to support passive bluetooth monitoring in Scapy, Python's interactive monitoring framework, a ... Security
STAMP OUT HASH CORRUPTION, CRACK ALL THE THINGS Ryan Reynolds , Jonathan Claudius The precursor to cracking any password is getting the right hash. In this talk we ... ExcludeThinkstScapes Windows Pass The Hash
STIX: THE STRUCTURED THREAT INFORMATION EXPRESSION Sean Barnum This Turbo Talk will give a brief introduction and overview of an ongoing effort to ... Security
SYNFUL DECEIT, STATEFUL SUBTERFUGE Tom Steele , Chris Patten Successful network reconnaissance and attacks are almost always predicated by effectively identify listening application services. ...
THE LAST GASP OF THE INDUSTRIAL AIR-GAP... Eireann Leverett Industrial Systems are widely believed to be air-gapped. At previous Black Hat conferences, people have ... Security
WHEN SECURITY GETS IN THE WAY: PENTESTING MOBILE APPS THAT USE CERTIFICATE PINNING Justine Osborne , Alban Diquet More and more mobile applications such as the Chrome, Twitter and card.io apps have started ... Mobile Security Application Security ExcludeThinkstScapes Certificate Pinning
..CANTOR.DUST.. Christopher Domas "..cantor.dust.. is an interactive binary visualization tool, a radical evolution of the traditional hex editor. ... Security
ARMITAGE Raphael Mudge Armitage is a red team collaboration tool built on the open source Metasploit Framework. Released ... Security
ARPWNER Nicolas Trippar ARPwner is a tool to do arp poisoning and dns poisoning attacks, with a simple ... Security
AWS SCOUT Jonathan Chittenden The scale and variety of Amazon Web Servers (AWS) has created a constantly changing landscape. ... Security
BACKFUZZ Matias Choren "Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) written in Python. ... Security
BURP EXTENSIBILITY SUITE James Lester Whether it be several Class B Subnets, a custom Web Application utilizing tokenization, or the ... Security
BYPASSING EVERY CAPTCHA PROVIDER WITH CLIPCAPTCHA Gursev Singh Kalra "reCAPTCHA and other CAPTCHA service providers validate millions of CAPTCHAs each day and protect thousands ... Security
CROWDRE Georg Wicherski "Reversing complex software quickly is challenging due to the lack of professional tools that support ... Security
FAKENET Andrew Honig "FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool ... Security
GENERIC METASPLOIT NTLM RELAYER Rich Lundeen "NTLM auth blobs contain the keys to the kingdom in most domain environments, and relaying ... Security
GSPLOIT Gianni Gnesa Gsploit is a scriptable penetration testing framework written in Python that not only provides a ... Security
ICE-HOLE 0.3 (BETA) Darren Manners Ice-hole is a java email phishing tool that identifies when a user has clicked on ... Security
INCIDENT RESPONSE ANALYSIS VISUALIZATION AND THREAT CLUSTERING THROUGH GENOMIC ANALYSIS Anup K. Ghosh By capturing real-time forensic information on thwarted zero-day attacks using virtual environments for browsers and ... Security
ISNIFF GPS Hubert Seiwert "iSniff GPS performs passive wireless sniffing to identify nearby iPhones and iPads. Data disclosed by ... Security
KAUTILYA AND NISHANG Nikhil Mittal Kautilya is a toolkit and framework which allows usage of USB Human Interface Devices in ... Security
LIME FORENSICS 1.1 Joe Sylve LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile ... Security
MAP Jerome Radcliffe With MAP, enterprise apps can be wrapped post-development, so there is no code to write: ... Security
MIRV Konrads Smelkovs "MIRV (Metasploit's Incident Response Vehicle) is a new tool (based on Metasploit's meterpreter) which was ... Security
MODSECURITY OPEN SOURCE WAF Ryan C. Barnett ModSecurity is already the most widely deployed WAF in existence protecting millions of web sites, ... Security
OWASP BROKEN WEB APPLICATIONS PROJECT Chuck Willis The Open Web Application Security Project (OWASP) Broken Web Applications project (www.owaspbwa.org) provides a free ... Security
OYEDATA FOR ODATA ASSESSMENTS Gursev Singh Kalra OData is a new data access protocol that is being adopted by many major software ... Security
PEEPDF Jose Miguel Esparza "peepdf is a Python tool to explore PDF files in order to find out if ... Security
PHPMAP Matt Bergin Attempts to leverage the lack of input validation on the php eval() function in web ... Security
REDLINE Lucas Zaichkowsky Redline is free utility from Mandiant that makes both experienced and entry-level incident responders faster ... Security
REGISTRY DECODER Lodovico Marziale The registry on Windows systems contain a tremendous wealth of forensic artifacts, including application executions, ... Security
SAP PROXY Ian De Villiers "The analysis and reverse engineering of SAP GUI network traffic has been the subject of ... Security
SEMI-AUTOMATED IOS RAPID ASSESSMENT Justin Engler "Apple's AppStore continues to grow in popularity, and iOS devices continue to have a high ... Security
SMARTPHONE PENTESTING FRAMEWORK Georgia Weidman As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial ... Security
TENACIOUS DIGGITY - NEW GOOGLE HACKING DIGGITY SUITE TOOLS Francis Brown All brand new tool additions to the Google Hacking Diggity Project - The Next Generation ... Security
THREADFIX Dan Cornell ThreadFix is an open source software vulnerability aggregation and management system that allows software security ... Security
VEGA David mirza Ahmad Vega is a GUI-based, multi-platform, free and open source web security scanner that can be ... Security
WATOBO - WEB APPLICATION TOOLBOX Andreas Schmidt Doing manual penetration tests on web applications is time-consuming and can be very boring or ... Security
XMPPloit Luis Delgado "XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a ... Exploitation SSL IncludeThinkstScapes XMPP