Hi all,
This month’s reading list. Make sure to check out the tools sections.
Traditional Pen-testing is Dead: A frank look at the state of affairs of our daily job
http://www.secmaniac.com/october-2010/traditional-penetration-testing-is-dead-bsides-atlanta/
10 Steps to creating your own IT Security Audit
http://www.itsecurity.com/features/it-security-audit-010407/
Preparing for an ISO 27001 Audit
http://searchsecurity.techtarget.in/tip/Preparing-for-ISO-27001-audit
Dilbert on Identity Theft (Comic)
http://dilbert.com/strips/comic/2010-10-14/
Hide your entire Operating System from prying eyes (Local System Security)
http://lifehacker.com/5554136/hide-your-entire-operating-system-from-prying-eyes
Sys Admins Gone Rogue – Biggest Insider Threat
http://www.pcworld.com/businesscenter/article/206362/biggest_insider_threat_sys_admin_gone_rogue.html
Pentesting with Burpsuite – Taking the web back from Automated Scanners
http://www.securityaegis.com/pentesting-with-burp-suite-taking-the-web-back-from-automated-scanners/
Google Offering Bounties for Bugs in Web services
http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html
Real-time Phishing: A leap in phishing attack techniques
http://www.darkreading.com/authentication/167901072/security/attacks-breaches/228200550/index.html
TOOLS:
Firesheep: Firefox addon to demonstrate the impact of browsing without an HTTPS-encrypted session.
http://codebutler.com/firesheep
EFF: HTTPS Everywhere – Firefox addon to force the browser to opt for HTTPS versions of the sites (Twitter, Google, Facebook, Paypal)
https://www.eff.org/https-everywhere
Social Engineering Toolkit (v1.0) – ‘Devolution’ release:
(Version adds several key components including new attack vectors, a web GUI interface, and a way to automate SET behavior)
http://www.secmaniac.com/november-2010/the-social-engineer-toolkit-v1-0-devolution-release/
Be safe!!
—
Wasim
Currently heads the Innovation and Research (InR) team at Network Intelligence. He has almost 10 years of experience conducting penetration testing, vulnerability assessments and security audits. At NII, he also pioneered advanced services like Red Team Assessments, Spear Phishing and DDoS Simulations, and Active Threat Hunting. He can be reached on Twitter and LinkedIn.