Download the recorded webinars at the links below (you will also need to download the g2m_codec to view them in Media Player):
1. EC-Council Certified Security Analyst (ECSA) First Look
Topics:
- Vulnerability Assessment & Analysis
- Advance Exploits & Tools
https://www2.gotomeeting.com/register/605228483
2. Topic:
- Writing Secure Applications - Maximizing ROI through CBT
https://www1.gotomeeting.com/register/215990273
I will add the links for meetings that will happen in the future for your ease of access.
Thursday, July 1, 2010
Thursday, April 1, 2010
Wireshark training videos
Some short videos:
http://media-2.cacetech.com/video/wireshark/introduction-to-wireshark/
http://media-2.cacetech.com/video/wireshark/custom-shortcuts/
http://media-1.cacetech.com/media/network_mysteries/mysteries_intro/
http://media-1.cacetech.com/media/network_mysteries/missing_download/
http://media-1.cacetech.com/media/network_mysteries/slow_network/
http://www.cacetech.com/media/network_mysteries/slow_dns/
Wireshark Network Analysis:
http://www.wiresharkbook.com/coffee.html
Friday, March 19, 2010
What are the best open source web scanners
OpenVAS http://www.openvas.org/
Nikto http://cirt.net/Nikto2
Spend the $250 and get Burp Scanner for the win! The whole Burp Suite is pretty good actually. It includes many useful tools -- like Spidering and Intruding tools.
http://portswigger.net/suite/
Try Backtrack 4, a Live CD with a lot of tools, including Nikto, Metasploit, BeEF and others. And the most important thing is that it is FREE.
And if you're really adventurous, try the OSCP training that goes with Backtrack. But be forewarned, it is not for the faint of heart, especially if you attempt the test. It was, by far, the hardest hands-on test I've ever taken.
When I took a SANS web pentesting course, we used Burp and W3AF ( http://w3af.sourceforge.net/ ) quite a bit. Both tools are impressive.
In order to perform a thorough and accurate security analysis of any web application, you should combine automated scanning with manual testing and validation. Automated scanning will not, and cannot, catch all of the possible holes in a web application and does not check for attacks such as business usage manipulation.
The OWASP testing guide is a great place to start:
http://www.owasp.org/index.php/Category:OWASP_Testing_Project
Also, the OWASP code review guide is great for developers:
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
You can download the Samurai web scanning framework. There are plenty of open source tools in it for web application testing. It is just like Backtrack, but for web application testing instead of network pen-testing tools.
Link:
http://www.cgisecurity.com/2008/09/samurai-web-tes.html
Monday, March 8, 2010
Malware Analysis of Zeus Trojan Reverse Engineering
http://traversecode.com/2010/03/08/from-pdfexploit-to-zeustrojan-subject-steals-bank-credentials/
Tools:
FileInsight, a tool to view the contents inside the PDF:
http://www.security-database.com/toolswatch/FileInsight-v2-1-Analizyng-files.html
Malzilla, a malware hunting tool: http://malzilla.sourceforge.net/
OllyDbg: debugging tool
Thanks and regards,
Madhuri Nandi
Thursday, February 25, 2010
Information Security Blog
Hi All,
I wanted to create a blog to update the latest Information Security News.
I am a Certified Ethical Hacker, certified by EC-Council. I will be posting news regarding vulnerability research, writing exploits for win/linux, writing signatures for IPS, and 0day vulnerabilities, along with analysis of everything mentioned above.
So keep watching my blog.
Take care,
Madhuri Nandi
Information Security Specialist.