BlackHat USA 2012 July 21, 2012 to July 26, 2012, Las Vegas, USA
Tell us about missing data
Tell us about missing data
| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| ROUND 1: WEB APPLICATION SECURITY | Nathan Hamiel | N/A | Security |
| ROUND 2: MOBILITY | Vincenzo Iozzo | w | Security |
| ROUND 3: EMERGING THREATS | Shawn Moyer | N/A | Security |
| CHANGING THE SECURITY PARADIGM....TAKING BACK YOUR NETWORK AND BRINGING PAIN TO THE ADVERSARY | Shawn Henry | The threat to our networks is increasing at an unprecedented rate. The hostile environment we ... | Security |
| AN INTERVIEW WITH NEAL STEPHENSON | Neal Stephenson | "Black Hat USA 2012 is proud to welcome one of the world's foremost Historical and ... | Security |
| A SCIENTIFIC (BUT NON ACADEMIC) STUDY OF HOW MALWARE EMPLOYS ANTI-DEBUGGING, ANTI-DISASSEMBLY AND ANTI-VIRTUALIZATION TECHNOLOGIES | Rodrigo Rubira Branco | "Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples ... | Malware Statistics ExcludeThinkstScapes Static Analysis Counter Measures Survey |
| A stitch in time saves nine: a case of multiple operating system vulnerability | Rafal Wojtczuk | Six years ago Linux kernel developers fixed a vulnerability that was caused by using the ... | IncludeThinkstScapes Processor Flaw Multiple Platforms |
| Advanced ARM exploitation | Stephen Lawler , Stephen Ridley | "Hardware Hacking" is all the rage. Early last year (2011) we at DontStuffBeansUpYourNose.com debuted a ... | Exploitation IncludeThinkstScapes ARM |
| ADVENTURES IN BOUNCERLAND | Nicholas J. Percoco , Sean Schulte | Meet <REDACTED>*. He is a single function app that wanted to be much more. He ... | Malware ExcludeThinkstScapes Bouncer Mobile Security Google Play Store |
| AMF TESTING MADE EASY! | Luca Carettoni | Since its introduction in 2002, Action Message Format (AMF) has attracted the interest of developers ... | Fuzzing ExcludeThinkstScapes AMF |
| ARE YOU MY TYPE? - BREAKING .NET SANDBOXES THROUGH SERIALIZATION | James Forshaw | "In May, Microsoft issued a security update for .NET due to a number of serious ... | ExcludeThinkstScapes Serialization .NET |
| BLENDED THREATS AND JAVASCRIPT: A PLAN FOR PERMANENT NETWORK COMPROMISE | Josh ( savant ) Brashars , Phil Purviance | During Black Hat 2006, it was shown how common Web browser attacks could be leveraged ... | Exploitation ExcludeThinkstScapes Cross Site Request Forgery |
| BLACK OPS | Dan Kaminsky | "If there's one thing we know, it's that we're doing it wrong. Sacred cows make ... | Security |
| CATCHING INSIDER DATA THEFT WITH STOCHASTIC FORENSICS | Jonathan Grier | "A stochastic process is, by definition, something unpredictable, but unpredictable in a precise way. Think ... | Computer Forensics ExcludeThinkstScapes |
| Clonewise - automated package clone detection | Silvio Cesare | "Developers sometimes statically link libraries from other projects, maintain an internal copy of other software ... | IncludeThinkstScapes Static Analysis Clonewise Classification |
| CONFESSIONS OF A WAF DEVELOPER: PROTOCOL-LEVEL EVASION OF WEB APPLICATION FIREWALLS | Ivan Ristic | "Most discussions of WAF evasion focus on bypassing detection via attack payload obfuscation. These techniques ... | Exploitation Web Application Firewall |
| CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME) | Tadayoshi Kohno , Adam Shostack , Tamara Denning | You and your fellow players work for Hackers, Inc.: a small, elite computer security company ... | ExcludeThinkstScapes Security Games |
| DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS | Loukas K | The EFI firmware used in Intel Macs and other modern systems presents some interesting possibilities ... | Exploitation ExcludeThinkstScapes EFI Mac OS |
| DEX EDUCATION: PRACTICING SAFE DEX | Timothy Strazzere | "In an ecosystem full of potentially malicious apps, you need to be careful about the ... | Security |
| DIGGING DEEP INTO THE FLASH SANDBOXES | Paul Vincent Sabanal , Mark Vincent Yason | "Lately we have seen how sandboxing technology is positively altering the software security landscape. From ... | Deep Knowledge ExcludeThinkstScapes Flash Architecture |
| Don't stand so close to me: an analysis of the NFC attack surface | Charlie Miller | Near Field Communication (NFC) has been used in mobile devices in some countries for a ... | Attack IncludeThinkstScapes NFC |
| EASY LOCAL WINDOWS KERNEL EXPLOITATION | Cesar Cerrudo | For some common local Kernel vulnerabilities there is no general, multi-version and reliable way to ... | Exploitation ExcludeThinkstScapes Kernel Windows |
| ERRATA HITS PUBERTY: 13 YEARS OF CHAGRIN | Jericho | The attrition.org Errata project has documented the shortcomings, hypocrisy, and disgraces of the information technology ... | ExcludeThinkstScapes Industry News |
| EXCHANGING DEMANDS | Peter Hannay | Smart phones and other portable devices are increasingly used with Microsoft Exchange to allow people ... | Mobile Security ExcludeThinkstScapes |
| Exploit mitigation improvements in Win 8 | Matt Miller , Ken Johnson | "Over the past decade, Microsoft has added security features to the Windows platform that help ... | IncludeThinkstScapes Defence Windows 8 Mitigations |
| EXPLOITATION OF WINDOWS 8 METRO STYLE APPS | Sung-ting Tsai , Ming-chieh Pan | "Windows 8 introduces lots of security improvements, one of the most interesting feature is the ... | Exploitation ExcludeThinkstScapes Windows 8 AppContainer Sandbox |
| EXPLOITING THE JEMALLOC MEMORY ALLOCATOR: OWNING FIREFOX'S HEAP | Chariton Karamitas , Patroklos Argyroudis | "jemalloc is a userland memory allocator that is being increasingly adopted by software projects as ... | ExcludeThinkstScapes Attack Heap Overflows Jemalloc |
| FILE DISINFECTION FRAMEWORK: STRIKING BACK AT POLYMORPHIC VIRUSES | Mario Vuksan , Tomislav Pericin | "Invincibility lies in the defense; the possibility of victory in the attack." Sun Tzu Polymorphic ... | Deep Knowledge ExcludeThinkstScapes Anti-Virus |
| FIND ME IN YOUR DATABASE: AN EXAMINATION OF INDEX SECURITY | David Litchfield | "This talk will look at the Oracle indexing architecture and examine some new flaws, with ... | Security |
| Flowers for automated malware analysis | Paul Royal , Chengyu Song | "Malware, as the centerpiece of threats to the Internet, has increased exponentially. To handle the ... | Malware IncludeThinkstScapes Counter Measures |
| From the Iriscode to the Iris: a new vulnerability of Iris recognition systems | Javier Galbally | A binary iriscode is a very compact representation of an iris image, and, for a ... | Exploitation IncludeThinkstScapes Biometrics Iris Genetic Algorithm |
| GHOST IS IN THE AIR(TRAFFIC) | Andrei Costin | Subtitle: On security aspects of ADS-B and other "flying" technology Air-related technologies are on the ... | ExcludeThinkstScapes Air Traffic Control |
| GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX | Chris Rohlf | "Native Client is Google's attempt at bringing millions of lines of existing C/C++ code to ... | ExcludeThinkstScapes Google Chrome Defences Plugins NaCl |
| HACKING THE CORPORATE MIND: USING SOCIAL ENGINEERING TACTICS TO IMPROVE ORGANIZATIONAL SECURITY ACCEPTANCE | James Philput | "Network defenders face a wide variety of problems on a daily basis. Unfortunately, the biggest ... | Security ExcludeThinkstScapes |
| HACKING WITH WEBSOCKETS | Sergey Shekyan , Vaagn Toukharian | "HTML5 isn't just for watching videos on your iPad. Its features may be the target ... | WebSockets Exploratory |
| HARDWARE BACKDOORING IS PRACTICAL | Jonathan Brossard | This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a ... | Security |
| HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE | Ruben Santamarta | "PLCs, Smart Meters, SCADA, Industrial Control Systemsnowadays all those terms are well known for the ... | Hardware Reverse Engineering ExcludeThinkstScapes Hardware Hacking Embedded |
| HOOKIN' AIN'T EASY: BEEF INJECTION WITH MITM | Ryan Linn , Steve Ocepek | Kiddies gotta make the money, and it don\'t come easy when those mean users don\'t ... | Exploitation Browser ExcludeThinkstScapes Man-in-the-middle |
| How many bricks does it take to crack a microcell? | Mathew Rowley | This is a tale of a journey that tested almost every security related skill I ... | IncludeThinkstScapes Hardware Hacking Embedded Microcell |
| HOW THE ANALYSIS OF ELECTRICAL CURRENT CONSUMPTION OF EMBEDDED SYSTEMS COULD LEAD TO CODE REVERSING? | Yann Allain , Julien Moinard | A practical approach of Power Analysis dedicated to reverse Engineering This submission presents an experimental ... | Reverse Engineering Hardware Reverse Engineering ExcludeThinkstScapes Power Analysis |
| HTML5 TOP 10 THREATS STEALTH ATTACKS AND SILENT EXPLOITS | Shreeraj Shah | "HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and ... | Security |
| INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT | John Flynn | "The field of intrusion detection is a complete failure. Vendor products at best address a ... | Security |
| IOS APPLICATION SECURITY ASSESSMENT AND AUTOMATION: INTRODUCING SIRA | Justin Engler , Seth Law , Joshua Dubik , David Vo | "Apple's AppStore continues to grow in popularity, and iOS devices continue to have a high ... | Testing ExcludeThinkstScapes iOS Static Analysis |
| IOS KERNEL HEAP ARMAGEDDON REVISITED | Stefan Esser | "Previous work on kernel heap exploitation for iOS or Mac OS X has only covered ... | Security |
| IOS SECURITY | Dallas de Atley | Apple designed the iOS platform with security at its core. In this talk, Dallas De ... | Security |
| LEGAL ASPECTS OF CYBERSPACE OPERATIONS | Robert Clark | This presentation examines the legal regime surrounding cyberspace operations. The analysis looks at the legal ... | Security |
| LOOKING INTO THE EYE OF THE METER | Don c. Weber | "When you look at a Smart Meter, it practically winks at you. Their Optical Port ... | Hardware Reverse Engineering Hardware Hacking Smart Grid |
| My Arduino can beat up your hotel room lock | Cody Brocious | "Nearly ten million Onity locks are installed in hotels worldwide, representing 1/3 of hotels and ... | Attack IncludeThinkstScapes Hardware Hacking |
| OWNING BAD GUYS {AND MAFIA} WITH JAVASCRIPT BOTNETS | Chema Alonso | Man in the middle attacks are still one of the most powerful techniques for owning ... | ExcludeThinkstScapes Man-in-the-middle |
| PINPADPWN | Rafael Dominguez Vega , Nils | "Pin Pads or Payment Terminals are widely used to accept payments from customers. These devices ... | |
| PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS) | George Argyros , Aggelos Kiayias | We present a number of novel, practical, techniques for exploiting randomness vulnerabilities in PHP applications. ... | ExcludeThinkstScapes Attack PHP Random Functions Entropy |
| PROBING MOBILE OPERATOR NETWORKS | Collin Mulliner | Cellular networks do not only host mobile and smart phones but a wide variety of ... | Mobile Security ExcludeThinkstScapes Survey Scan |
| RECENT JAVA EXPLOITATION TRENDS AND MALWARE | Jeong wook Oh | "We are seeing more and more Java vulnerabilities exploited in the wild. While it might ... | Exploitation ExcludeThinkstScapes Java |
| SCALING UP BASEBAND ATTACKS: MORE (UNEXPECTED) ATTACK SURFACE | Ralf-Philipp Weinmann | Baseband processors are the components of your mobile phone that communicate with the cellular network. ... | Security |
| Sexydefense - maximizing the home-field advantage | Iftach Ian Amit | Offensive talks are easy, I know. But the goal of offensive security at the end ... | Security IncludeThinkstScapes Defence |
| SMASHING THE FUTURE FOR FUN AND PROFIT | Jennifer Granick , Jeff ( Dark Tangent ) Moss , Adam Shostack , Marcus Ranum , Bruce Schneier | "Has it really been 15 years? Time flies when keeping up with Moore's law is ... | |
| SNSCAT: WHAT YOU DON'T KNOW ABOUT SOMETIMES HURTS THE MOST | Dan Gunter , Solomon Sonya | A vulnerability exists through the use of Social Networking Sites that could allow the exfiltration ... | Data Exfiltration Social Media ExcludeThinkstScapes Covert |
| SQL INJECTION TO MIPS OVERFLOWS: ROOTING SOHO ROUTERS | Zachary Cutlip | This presentation details an approach by which SQL injection is used to exploit unexposed buffer ... | Buffer Overflows Exploitation ExcludeThinkstScapes SQL Injection |
| SSRF VS. BUSINESS CRITICAL APPLICATIONS | Alexander mikhailovich Polyakov , Dmitry Chastuhin | "Typical business critical applications have many vulnerabilities because of their complexity, customizable options and lack ... | ExcludeThinkstScapes XML SAP Server Side Request Forgery |
| STATE OF WEB EXPLOIT TOOLKITS | Jason Jones | Web exploit toolkits have become the most popular method for cybercriminals to compromise hosts and ... | Web Exploitation ExcludeThinkstScapes |
| STILL PASSING THE HASH 15 YEARS LATER? USING THE KEYS TO THE KINGDOM TO ACCESS ALL YOUR DATA | Alva Duckwall , Christopher Campbell | Kerberos is the cornerstone of Windows domain authentication, but NTLM is still used to accomplish ... | ExcludeThinkstScapes Pass The Hash |
| TARGETED INTRUSION REMEDIATION: LESSONS FROM THE FRONT LINES | Jim Aldridge | Successfully remediating a targeted, persistent intrusion generally requires a different approach from that applied to ... | ExcludeThinkstScapes Defence Advanced Persistent Threat |
| THE CHRISTOPHER COLUMBUS RULE AND DHS | Mark Weatherford | "Never fail to distinguish what\'s new, from what\'s new to you." This rule applies to ... | Security |
| THE DEFENSE RESTS: AUTOMATION AND APIS FOR IMPROVING SECURITY | David Mortman | Want to get better at security? Improve your ops and improve your dev. Most of ... | Security |
| THE INFO LEAK ERA ON SOFTWARE EXPLOITATION | Fermin J. Serna | Previously, and mainly due to application compatibility. ASLR has not been as effective as it ... | Exploitation Information Leaks |
| THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET | Tom Ritter , Alex Stamos | In what may be the greatest technical shift the Internet has seen, three of the ... | IPv6 ExcludeThinkstScapes DNSSEC GTLDs |
| TORTURING OPENSSL | Valeria Bertacco | "For any computing system to be secure, both hardware and software have to be trusted. ... | Cryptography ExcludeThinkstScapes OpenSSL Key recovery |
| TRUST, SECURITY, AND SOCIETY | Bruce Schneier | "Human societies run on trust. Every day, we all trust millions of people, organizations, and ... | Security |
| WE HAVE YOU BY THE GADGETS | Toby Kohlenberg , Mickey Shkatov | Why send someone an executable when you can just send them a sidebar gadget? We ... | Malware Windows Windows Gadgets |
| WEB TRACKING FOR YOU | Gregory Fleischer | There has been a lot of conversation recently around the privacy degrading techniques used by ... | Privacy ExcludeThinkstScapes Tracking |
| WINDOWS PHONE 7 INTERNALS AND EXPLOITABILITY | Tsukasa Oi | Windows Phone 7 is a modern mobile operating system developed by Microsoft. This operating system ... | Exploitation Windows Phone 7 |
| WINDOWS 8 HEAP INTERNALS | Chris Valasek , Tarjei Mandt | "Windows 8 developer preview was released in September 2011. While many focused on the Metro ... | Deep Knowledge Exploitation ExcludeThinkstScapes Windows 8 Heap Overflows |
| <GHZ OR BUST: BLACKHAT | Atlas | "Wifi is cool and so is cellular, but the real fun stuff happens below the ... | Security |
| ADVANCED CHROME EXTENSION EXPLOITATION - LEVERAGING API POWERS FOR THE BETTER EVIL | Kyle Osborn , Krzysztof Kotowicz | Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated ... | Exploitation Google Chrome Extensions |
| CODE REVIEWING WEB APPLICATION FRAMEWORK BASED APPLICATIONS (STRUTS 2, SPRING MVC, RUBY ON RAILS (GROOVY ON GRAILS), .NET MVC) | Abraham Kang | This workshop will give participants an opportunity to practically review Web Application Framework based applications ... | Security |
| LESSONS OF BINARY ANALYSIS | Christien ( Dildog ) Rioux | "Ever wanted to know more about how static binary analysis works? It's complicated. Ever want ... | ExcludeThinkstScapes Static Analysis |
| LINUX INTERACTIVE EXPLOIT DEVELOPMENT WITH GDB AND PEDA | Long Le | "Exploit development requires a lot of interactive works with debugger, automating time consuming tasks will ... | Security |
| MOBILE NETWORK FORENSICS WORKSHOP | Eric Fulton | "Intentionally or not, your phone leaks data to the world. What can you-- or your ... | Security |
| RUBY FOR PENTESTERS: THE WORKSHOP | Cory Scott , Michael Tracy , Timur Duehr | "Having a great set of test tools could be the difference between a successful engagement ... | |
| THE DARK ART OF IOS APPLICATION HACKING | Jonathan Zdziarski | "This talk demonstrates how modern day financial applications, password and credit card managers, and other ... | ExcludeThinkstScapes iOS |
| CUTECATS.EXE AND THE ARAB SPRING | Morgan Marquis-boire | There has been significant discussion regarding the impact of the internet, social media, and smart ... | ExcludeThinkstScapes Activism Politics Client-side |
| EMBEDDED DEVICE FIRMWARE VULNERABILITY HUNTING USING FRAK | Ang Cui | We present FRAK**, the firmware reverse analysis konsole. FRAK is a framework for unpacking, analyzing, ... | Security |
| HTEXPLOIT BYPASSING HTACCESS RESTRICTIONS | Maximiliano Soler , Matias Katz | HTExploit is an open-source tool written in Python that exploits a weakness in the way ... | |
| LIBINJECTION: A C LIBRARY FOR SQLI DETECTION AND GENERATION THROUGH LEXICAL ANALYSIS OF REAL WORLD ATTACKS | Nick Galbreath | SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts ... | ExcludeThinkstScapes Defence SQL Injection |
| MAPPING AND EVOLUTION OF ANDROID PERMISSIONS | Zach Lanier , Andrew Reiter | The Android Open Source Project provides a software stack for mobile devices. The provided API ... | |
| MODSECURITY AS UNIVERSAL CROSS-PLATFORM WEB PROTECTION TOOL | Greg Wroblewski , Ryan C. Barnett | "For many years ModSecurity was a number one free open source web application firewall for ... | |
| PASSIVE BLUETOOTH MONITORING IN SCAPY | Ryan Holeman | "Recognizing a need to support passive bluetooth monitoring in Scapy, Python's interactive monitoring framework, a ... | Security |
| STAMP OUT HASH CORRUPTION, CRACK ALL THE THINGS | Ryan Reynolds , Jonathan Claudius | The precursor to cracking any password is getting the right hash. In this talk we ... | ExcludeThinkstScapes Windows Pass The Hash |
| STIX: THE STRUCTURED THREAT INFORMATION EXPRESSION | Sean Barnum | This Turbo Talk will give a brief introduction and overview of an ongoing effort to ... | Security |
| SYNFUL DECEIT, STATEFUL SUBTERFUGE | Tom Steele , Chris Patten | Successful network reconnaissance and attacks are almost always predicated by effectively identify listening application services. ... | |
| THE LAST GASP OF THE INDUSTRIAL AIR-GAP... | Eireann Leverett | Industrial Systems are widely believed to be air-gapped. At previous Black Hat conferences, people have ... | Security |
| WHEN SECURITY GETS IN THE WAY: PENTESTING MOBILE APPS THAT USE CERTIFICATE PINNING | Justine Osborne , Alban Diquet | More and more mobile applications such as the Chrome, Twitter and card.io apps have started ... | Mobile Security Application Security ExcludeThinkstScapes Certificate Pinning |
| ..CANTOR.DUST.. | Christopher Domas | "..cantor.dust.. is an interactive binary visualization tool, a radical evolution of the traditional hex editor. ... | Security |
| ARMITAGE | Raphael Mudge | Armitage is a red team collaboration tool built on the open source Metasploit Framework. Released ... | Security |
| ARPWNER | Nicolas Trippar | ARPwner is a tool to do arp poisoning and dns poisoning attacks, with a simple ... | Security |
| AWS SCOUT | Jonathan Chittenden | The scale and variety of Amazon Web Servers (AWS) has created a constantly changing landscape. ... | Security |
| BACKFUZZ | Matias Choren | "Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) written in Python. ... | Security |
| BURP EXTENSIBILITY SUITE | James Lester | Whether it be several Class B Subnets, a custom Web Application utilizing tokenization, or the ... | Security |
| BYPASSING EVERY CAPTCHA PROVIDER WITH CLIPCAPTCHA | Gursev Singh Kalra | "reCAPTCHA and other CAPTCHA service providers validate millions of CAPTCHAs each day and protect thousands ... | Security |
| CROWDRE | Georg Wicherski | "Reversing complex software quickly is challenging due to the lack of professional tools that support ... | Security |
| FAKENET | Andrew Honig | "FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool ... | Security |
| GENERIC METASPLOIT NTLM RELAYER | Rich Lundeen | "NTLM auth blobs contain the keys to the kingdom in most domain environments, and relaying ... | Security |
| GSPLOIT | Gianni Gnesa | Gsploit is a scriptable penetration testing framework written in Python that not only provides a ... | Security |
| ICE-HOLE 0.3 (BETA) | Darren Manners | Ice-hole is a java email phishing tool that identifies when a user has clicked on ... | Security |
| INCIDENT RESPONSE ANALYSIS VISUALIZATION AND THREAT CLUSTERING THROUGH GENOMIC ANALYSIS | Anup K. Ghosh | By capturing real-time forensic information on thwarted zero-day attacks using virtual environments for browsers and ... | Security |
| ISNIFF GPS | Hubert Seiwert | "iSniff GPS performs passive wireless sniffing to identify nearby iPhones and iPads. Data disclosed by ... | Security |
| KAUTILYA AND NISHANG | Nikhil Mittal | Kautilya is a toolkit and framework which allows usage of USB Human Interface Devices in ... | Security |
| LIME FORENSICS 1.1 | Joe Sylve | LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile ... | Security |
| MAP | Jerome Radcliffe | With MAP, enterprise apps can be wrapped post-development, so there is no code to write: ... | Security |
| MIRV | Konrads Smelkovs | "MIRV (Metasploit's Incident Response Vehicle) is a new tool (based on Metasploit's meterpreter) which was ... | Security |
| MODSECURITY OPEN SOURCE WAF | Ryan C. Barnett | ModSecurity is already the most widely deployed WAF in existence protecting millions of web sites, ... | Security |
| OWASP BROKEN WEB APPLICATIONS PROJECT | Chuck Willis | The Open Web Application Security Project (OWASP) Broken Web Applications project (www.owaspbwa.org) provides a free ... | Security |
| OYEDATA FOR ODATA ASSESSMENTS | Gursev Singh Kalra | OData is a new data access protocol that is being adopted by many major software ... | Security |
| PEEPDF | Jose Miguel Esparza | "peepdf is a Python tool to explore PDF files in order to find out if ... | Security |
| PHPMAP | Matt Bergin | Attempts to leverage the lack of input validation on the php eval() function in web ... | Security |
| REDLINE | Lucas Zaichkowsky | Redline is free utility from Mandiant that makes both experienced and entry-level incident responders faster ... | Security |
| REGISTRY DECODER | Lodovico Marziale | The registry on Windows systems contain a tremendous wealth of forensic artifacts, including application executions, ... | Security |
| SAP PROXY | Ian De Villiers | "The analysis and reverse engineering of SAP GUI network traffic has been the subject of ... | Security |
| SEMI-AUTOMATED IOS RAPID ASSESSMENT | Justin Engler | "Apple's AppStore continues to grow in popularity, and iOS devices continue to have a high ... | Security |
| SMARTPHONE PENTESTING FRAMEWORK | Georgia Weidman | As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial ... | Security |
| TENACIOUS DIGGITY - NEW GOOGLE HACKING DIGGITY SUITE TOOLS | Francis Brown | All brand new tool additions to the Google Hacking Diggity Project - The Next Generation ... | Security |
| THREADFIX | Dan Cornell | ThreadFix is an open source software vulnerability aggregation and management system that allows software security ... | Security |
| VEGA | David mirza Ahmad | Vega is a GUI-based, multi-platform, free and open source web security scanner that can be ... | Security |
| WATOBO - WEB APPLICATION TOOLBOX | Andreas Schmidt | Doing manual penetration tests on web applications is time-consuming and can be very boring or ... | Security |
| XMPPloit | Luis Delgado | "XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a ... | Exploitation SSL IncludeThinkstScapes XMPP |