Hi all,
We are starting with a monthly reading-list for people who are unable to keep up with the latest in the field of IT Security.
A few articles (like the ones below) may be informational to the non-technical readers as well to improve their tech know-how and security posture 🙂
The What And The Why Of Professional Penetration Testing
http://www.darkreading.com/blog/archives/2010/09/professional_pe.html
The Case of Zero-Day Penetration Testing
http://www.darkreading.com/blog/archives/2010/08/the_case_for_ze.html
Zero-Day Pentesting Under Fire
http://www.darkreading.com/blog/archives/2010/10/i_wrote_a_blog.html
Stuxnet: FAQ – F-Secure Blog
http://www.f-secure.com/weblog/archives/00002040.html
TOOLS:
OracleEnumerator
http://www.woany.co.uk/oracleenumerator-v1-1-1/
SQL Server 2005 Baseline Analyzer
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=da0531e4-e94c-4991-82fa-f0e3fbd05e63&displaylang=en
http://blog.sqlauthority.com/2007/07/05/sql-server-2005-best-practices-analyzer-tutorial-sample-example/
USBSploit –  USB Exploitation using Metasploit
http://secuobs.com/news/12102010-usbsploit_v0.3b_meterpreter_msf_3.shtml
DriveSploit – Drive-by-Download using Metasploit
http://www.drivesploit.org/home
If you have any links/articles/tools etc. which you would like to share with others, then send it along and I’ll include it in the next release of the newsletter.
Currently heads the Innovation and Research (InR) team at Network Intelligence. He has almost 10 years of experience conducting penetration testing, vulnerability assessments and security audits. At NII, he also pioneered advance services like RedTeam Assessments, Spear Phishing and DDoS Simulations and Active Threat Hunting. He can be reached at Twitter and LinkedIn