Sunday, November 17, 2013

OWASP TOP 10 2013

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

Download PDF

Posted by at No comments:

+5000 dorks for SQL injection

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Link:

Hacking web site with DarkMySQLi.py on BackTrack 5 R2

Link:

Hacking web site with sqlmap on BackTrack 5 R3 

Link:

+5000 dorks for SQL injection


Posted by at No comments:

Sunday, November 10, 2013

The Art of Exploitation, 2nd Edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existingexploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

This book will teach you how to:

1. Program computers using C, assembly language, and shell scripts

2. Corrupt system memory to run arbitrary code using buffer overflows and format strings

3. Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening

4. Outsmart common security measures like nonexecutable stacks and intrusion detection systems

5. Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence

6. Redirect network traffic, conceal open ports, and hijack TCP connections

7. Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Download PDF

Refer To :  http://www.backtrack-pages.com

Posted by at No comments:

Wednesday, November 6, 2013

Mission-Critical Network Planning

Whether a terrorist attack, fibre cut, security breach, natural disaster or traffic overload, today's networks must be designed to withstand adverse conditions and provide continuous service. This comprehensive, leading-edge book reveals the techniques and strategies to help you keep enterprise data and voice networks in service under critical circumstances. You learn numerous ways to minimize single points of failure through redundancy and backups, and discover how to select the right networking technologies to improve survivability and performance.

Download PDF

Refer To: http://www.backtrack-pages.com

Posted by at No comments:

Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series)

Hacker Techniques, Tools, and Incident Handling begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. It goes on to review the technical overview of hacking: how attacks target networks and the methodology they follow. The final section studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on the Web. Written by a subject matter expert with numerous real-world examples, Hacker Techniques, Tools, and Incident Handling provides readers with a clear, comprehensive introduction to the many threats on our Internet environment and security and what can be done to combat them.

Download PDF


Refer To: http://www.backtrack-pages.com

Posted by at No comments:

Hackers: Heroes of the Computer Revolution


 This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late 1950s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zukerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.

Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as "the hacker ethic," that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today's digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.

Download PDF

 Refer To: http://www.backtrack-pages.com

Posted by at No comments:

The Shell-coder's Handbook: Discovering and Exploiting Security Holes second Edition


 This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
The companion Web site features downloadable code files


Download PDF

Refer To:  http://www.backtrack-pages.com

Posted by at No comments:

Secrets of a Super Hacker



Once more, Loompanics publishes something other houses wouldn't: a guide to violating computer security. Covering hacking scenarios ranging from the merely mischievous to the criminal, the super hacker known as the Knightmare gives step-by-step instructions in meaningful hacking from a personal computer. Fortunately, he also includes a section on state and federal computer laws, allowing potential hackers to be cognizant of the sanctions they risk with any particular project. Appendixes offer an array of technical explanations and tips for understanding database and system structures; tips cover password divination and searching strategies; and a glossary, besides explaining terms likely to be encountered in any particular documentation being hacked, enhances the hacker's ability to share experiences and tips. As science outstrips society's control of information, systems of secretkeeping proliferate maddeningly. Yet with this book, the keyboard jockey can enter all sorts of "secure" systems, databases, and records; and a hacker-security chapter explains both why hacking is a valuable and useful activity and--equally important because entering and altering systems without clearance is generally illegal--how to avoid getting caught. Mike Tribby


Download PDF 

Refer To: http://www.backtrack-pages.com

 
 

Posted by at No comments:

Hacking Vim 7.2

 
This book is a tutorial packed with ready-to-use hacks that give solutions for common problems faced by Vim users in their everyday life. Every chapter covers a set of recipes, each of which follows a systematic approach with a self-contained description of the task it covers, how to use it, and what you gain by using it. The minimum version of Vim required for each hack is clearly indicated.
If you are a Vim user who wants to get more out of this legendary text editor, this book is for you. It focuses on making life easier for intermediate to experienced Vim users.

Download PDF

Refer To : http://www.backtrack-pages.com



Posted by at No comments:

Tuesday, November 5, 2013

iOS Hacker's Handbook


Discover all the security risks and exploits that can threaten iOS-based mobile devices

iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
Also examines kernel debugging and exploitation
Companion website includes source code and tools to facilitate your efforts

iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

Download PDF

Refer to : http://www.backtrack-pages.com
Posted by at No comments:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition
The highly successful security book returns with a new edition, completely updatedWeb applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws..


Download PDF



Refer to:  http://www.backtrack-pages.com

Posted by at No comments:
Subscribe to: Posts (Atom)