OWASP AppSec Europe 2018 archives

OWASP AppSec Europe 2018 archives

Ciso

• "Adding Privacy by Design ", by Sebastien Deleersnyder - Slides
• "A View from Above ", by Chris Horn - Slides
• "Current Research and Standards ", by Charles M Schmidt - Slides
• "Deconstructing Threat Modeling ", by Ciaran Conliffe - Slides
• "Development to Risk Management ", by Johanna Curiel.key - Slides
• "Regular to Enterprise Ready ", by Ovidiu Cical - Slides
• "Seconds out ", by Etienne Greeff - Slides
• "Security is Everyone's Job ", by Tanya Janca - Slides
• "Threat Modeling for IOT ", by Dan Cornell - Slides
• "Threat Perspectives ", by Jacky Fox and Gina Dollard - Slides

Developer

• "A Methodology for Assessing ", by Pedro Fortuna - Slides
• "Building Secure ASP NET ", by Niels Tanis - Slides
• "Cross Application CSRF Protection ", by Egor Balyshev - Slides
• "Injecting Security Controls ", by Katy Anton - Slides
• "Oauth is DAC ", by Johan Peeters - Slides
• "Patterns in Nodejs ", by Chetan Karande - Slides
• "Remediate the Flag ", by Andrea Scaduto - Slides
• "Secure Software Development ", by Damilare D. Fagbemi - Slides
• "Unicode The Hero or Villain ", by Pawel Kawczyk - Slides
• "Usable Security ", by Achim D. Bruker - Slides

DevOps

• "Gamifying Education ", by Max Feldman and John Sonnenschein - Slides
• "Buiding an AppSec Program ", by Chris Romeo - Slides
• "Building a Valid Threat Library ", by Tony Ucedavelez - Slides
• "Detecting and Preventing ", by Lieven Desmet - Slides
• "Docker 201 Security ", by Dirk Wetter - Slides
• "Gamifying Developer Education ", by Max Feldman and John Sonnenschein - Slides
• "Jumpstarting Your DevSecOps ", by Jeff Williams - Slides
• "Making Continuous Security ", by Matt Tesauro and Aaron Weaver - Slides
• "Securing Containers ", by Jack Mannino and Abdullah Munawar - Slides

Hacker

• "Exploiting Unknown Browsers ", by Gareth Heyes - Slides
• "FIESTA ", by Jose Selvi - Slides
• "Outsmarting Smart Contracts ", by Damian Rusinek - Slides
• "Secure Messengers ", by Jeremy Matos and Laureline David - Slides
• "The Last XSS ", by Jim Manico - Slides
• "WAF Bypass Techniques ", by Soroush Dalili - Slides

stackoverflow performance architecture

stackoverflow performance architecture

https://stackexchange.com/performance

How spam filters work

Göndermiş olduğunuz e-posta'ların spam filtrelerine takılmaması için göz atmanızda fayda var.

https://deliciousbrains.com/how-spam-filters-works/

#pentest find passphrase on encrypted ssh private key

root@kali:/home/userx/.ssh# ssh2john id_rsa > id_rsa.jtr-hash

root@kali:/home/userx/.ssh# john id_rsa.jtr-hash
Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA 32/32])
Press 'q' or Ctrl-C to abort, almost any other key for status
starwars         (id_rsa)
1g 0:00:00:00 DONE 2/3 (2018-05-26 22:00) 7.692g/s 96461p/s 96461c/s 96461C/s starwars
Use the "--show" option to display all of the cracked passwords reliably
Session completed

root@kali:/home/aokan/.ssh# john --show id_rsa.jtr-hash 

id_rsa:starwars

1 password hash cracked, 0 left

Do You Really Know Everything About The DDoS Attack?

https://www.milesweb.in/blog/website-security/guide-to-ddos-attack/#4DDOS

CTF Series : Binary Exploitation

https://bitvijays.github.io/LFC-BinaryExploitation.html

Penetration Tester's Subdomain Enumeration Guide

https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6

curl Command Resume Broken Download

curl -C - url

OR

curl -L -O -C - url

OR

curl -L -o 'filename-here' -C - url

Kali Linux 2018.2 Release

Kali Linux - 2018.2 (Released 2018-04-30) [ View Issues ] 
=========================================
- 0004675: [Tool Upgrade] Bloodhound v1.5.1 (sbrun) - resolved.
- 0004658: [Kali Package Bug] Dradis fails to run (sbrun) - resolved.
- 0004656: [Kali Package Bug] jsql injection not working even update new version - resolved.
- 0004608: [Tool Upgrade] OWASP JoomScan Project update (sbrun) - resolved.
- 0004570: [Kali Package Bug] Gnome NetworkManager OpenVPN immediately disconnecting (rhertzog) - resolved.
- 0004607: [Kali Package Improvement] Make msfdb more verbose (g0tmi1k) - resolved.
- 0004632: [Kali Package Improvement] Update Usage Examples of wpscan (g0tmi1k) - resolved.
- 0002329: [New Tool Requests] Ropper v1.10.10 - Display info about files in different formats & find gadgets to build ROPs chains (sbrun) - resolved.
- 0004626: [Tool Upgrade] Update ExploitDB-Papers (g0tmi1k) - resolved.
- 0004627: [Tool Upgrade] Update ExploitDB-Bin-Sploits (g0tmi1k) - resolved.
- 0004325: [Tool Upgrade] hashcat v4.0.0 available (sbrun) - resolved.
- 0004619: [Tool Upgrade] Update SecLists v1.3 (g0tmi1k) - resolved.
- 0004554: [Kali Package Improvement] Add Kali.Training to Firefox Bookmark (sbrun) - resolved.
- 0004606: [Kali Package Improvement] Make openvas-* more verbose (g0tmi1k) - resolved.
- 0004603: [Kali Package Improvement] Make beef-xss start/stop more verbose & menu updates (g0tmi1k) - resolved.
- 0004605: [Kali Package Improvement] Make xplico start/stop more verbose & menu updates (g0tmi1k) - resolved.
- 0004604: [Kali Package Improvement] Make dradis start/stop more verbose & menu updates (g0tmi1k) - resolved.
- 0004600: [Tool Upgrade] burpsuite 1.7.32 available (sbrun) - resolved.
- 0004602: [Kali Package Bug] inetsim pem key file is owned by root user - resolved.
- 0004560: [Kali Package Bug] PROBLEM WITH INSTALLING XPLICO ON KALI LINUX (sbrun) - resolved.
- 0004532: [Kali Package Bug] btscanner crashes with the "b" (brute force scan) option (sbrun) - resolved.
- 0004505: [Kali Package Bug] arachni doesn't run with using sudo anymore - resolved.
- 0004542: [General Bug] Kali desktop theme background doesn't work for 2560x1600 resolutions (sbrun) - resolved.
- 0004470: [Tool Upgrade] Upgrade Burpsuite to 1.7.30 (sbrun) - resolved.
- 0004486: [Tool Upgrade] reaver v1.6.4 released (muts) - resolved.
- 0004500: [Tool Upgrade] pixiewps v1.4.2 released (sbrun) - resolved.
- 0004437: [Kali Package Improvement] Responder - Add ./Tools/* into $PATH (sbrun) - resolved.
- 0000175: [Kali Package Improvement] metasploit framework's pattern_create and offset (Add to $PATH) (g0tmi1k) - resolved.

[28 issues]

Kali Linux - 2018.1 (Released 2018-02-06) [ View Issues ] 
=========================================

Released 06 Feb 2018
https://www.kali.org/news/kali-linux-2018-1-release

- 0004384: [General Bug] Sound / Audio issues. (sbrun) - resolved.
- 0004488: [General Bug] Gnome Shell crash when you plug an USB device (rhertzog) - resolved.
- 0004499: [New Tool Requests] Add ExploitDB-Bin-Sploit (Binary Exploits) (g0tmi1k) - resolved.
- 0004498: [New Tool Requests] Add ExploitDB-Papers (g0tmi1k) - resolved.
- 0004469: [Kali Package Bug] Remove skype4py once osrfamework no longer needs it (sbrun) - resolved.
- 0004459: [General Bug] nm-applet segfaults when conneting to a VPN provider - resolved.
- 0004484: [Tool Upgrade] Update dbeaver to 4.3.2 (sbrun) - resolved.
- 0004467: [Kali Package Bug] Metasploit not starting (sbrun) - resolved.
- 0004476: [Kali Package Bug] linux-headers package missing for i386 (it's there for amd64) - resolved.
- 0004454: [Kali Package Bug] sparta fails to start because of qt4 (sbrun) - resolved.
- 0004463: [General Bug] mitmproxy does not start (sbrun) - resolved.
- 0004460: [Tool Upgrade] realtek-rtl88xxau-dkms needs upgrade (sbrun) - resolved.
- 0004359: [Tool Upgrade] Update seclists Package to Latest Checkout (dookie) - resolved.
- 0004126: [Kali Package Bug] Enum4Linux throws errors for users enumeration and Password Policy Information - resolved.
- 0004331: [Kali Package Bug] Wifite should depend on net-tools (sbrun) - resolved.
- 0004432: [General Bug] /usr/bin/geoip missing *.yml files (sbrun) - resolved.
- 0004422: [General Bug] alfa awus036ach driver issue (sbrun) - resolved.
- 0003821: [Kali Package Bug] polenum-0.2 inaccurately reports time values associated with password policies - resolved.
- 0003665: [Kali Package Bug] Polenum not compatible with current python-impacket package included in Kali repos - resolved.
- 0004385: [Tool Upgrade] pixiewps v1.4 released (sbrun) - resolved.
- 0000338: [New Tool Requests] Add Airgraph-ng v2.0.1 - See the graphs Aircrack-ng creates (sbrun) - resolved.
- 0004360: [Tool Upgrade] Update SSF (Secure Socket Funneling) to v3.0.0 (sbrun) - resolved.
- 0004371: [Tool Upgrade] ZAP 2.7.0 is available (sbrun) - resolved.
- 0004376: [General Bug] netboot fails when retrieving libc6-udev (rhertzog) - closed.
- 0004368: [Kali Package Bug] Imporint glib (libc6-udeb) breaks current PXE install (rhertzog) - closed.

Scancodes / Key Scan Codes

https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-6.0/aa299374(v=vs.60)

https://www.win.tue.nl/~aeb/linux/kbd/scancodes-10.html

All Versions of .Net Offline Installer / Full Setup / Direct Download links

All Versions of .Net Offline Installer / Full Setup / Direct Download links

.Net Framework 2.0 offline installer	Download 32 Bit Version	Download 64 Bit version
.Net Framework 3.0 SP1  Full Setup	Download 32 Bit Version	Download 64 Bit version
.Net Framework 3.5 offline installer	Download 32 Bit Version	Download 64 Bit version
.Net Framework 3.5 SP1 offline installer	Download 32 Bit Version	Download 64 Bit version
.Net Framework 4.0 offline installer	Download 32 Bit Version	Download 64 Bit version
.Net Framework 4.5 offline installer	Download 32 Bit Version	Download 64 Bit version
.Net Framework 4.5.2 offline installer	Download 32 Bit Version	Download 64 Bit version
.net 4.6 Offline Installer	Download 32bit	Download 64bit
.net 4.6.1 Offline Installer	Download 32bit	Download 64bit
.net 4.6.2 Offline Installer	Download 32bit	Download 64bit
.net 4.7 Offline Installer	Download 32bit	Download 64bit

Collection of steganography tools

https://github.com/DominicBreuker/stego-toolkit

List-RDP-Connections-History

https://github.com/3gstudent/List-RDP-Connections-History

linux privilege escalation

• LinEnum.sh
• linux-kernel-exploits
• linuxprivchecker.py
• RootHelper

oci_connect ORA-24408: could not generate unique server group name

The 11g instant client requires a /etc/hosts file entry for your hostname pointing to 127.0.0.1. The normal "localhost" entry is not sufficient on it's own.

Assuming your host name is foomachine, there are two places you'll need to check:

In /etc/hosts, make sure you have any entry like - add it if it's not there:

127.0.0.1   foomachine

And also make sure the /etc/sysconfig/network file also has HOSTNAME=foomachine

vim: switch to tabs view

 :tab sball

switch between tabs:




gt or :tabn           "    go to next tab
gT or :tabp or :tabN  "    go to previous tab