Common Exploits:

---

An exploit usually relates to the existence of some flaw or vulnerability in an application or operating system that if used could lead to privilege escalation or denial of service against the computer system that is being attacked. Exploits can be compiled and used manually or various engines exist that are essentially at the lowest level pre-compiled point and shoot tools. These engines do also have a number of other extra underlying features for more advanced users.

• Password Attacks
  • Known Accounts
    • Identified Passwords
    • Unidentified Hashes
  • Default Accounts
    • Identified Passwords
    • Unidentified Hashes
• Exploits
  • Successful Exploits
    • Accounts
      • Passwords
        • Cracked
        • Uncracked
      • Groups
      • Other Details
    • Services
    • Backdoor
    • Connectivity
  • Unsuccessful Exploits
  • Resources
    • Securiteam
      • Exploits are sorted by year and must be downloaded individually
    • SecurityForest
      • Updated via CVS after initial install
    • GovernmentSecurity
      • Need to create and account to obtain access
    • Red Base Security
      • Oracle Exploit site only
    • Wireless Vulnerabilities & Exploits (WVE)
      • Wireless Exploit Site
    • PacketStorm Security
      • Exploits downloadable by month and year but no indexing carried out.
    • SecWatch
      • Exploits sorted by year and month, download seperately
    • SecurityFocus
      • Exploits must be downloaded individually
    • Metasploit
      • Install and regualrly update via svn
    • Milw0rm
      • Exploit archived indexed and sorted by port download as a whole - The one to go for!
• Tools
  • Metasploit
    • Free Extra Modules
      • local copy
  • Manual SQL Injection
    • Understanding SQL Injection
    • SQL Injection walkthrough
    • SQL Injection by example
    • Blind SQL Injection
    • Advanced SQL Injection in SQL Server
    • More Advanced SQL Injection
    • Advanced SQL Injection in Oracle databases
    • SQL Cheatsheets

      • http://ha.ckers.org/sqlinjection

        http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

        http://www.0x000000.com/?i=14

        http://pentestmonkey.net/ 

  • SQL Power Injector
  • SecurityForest
  • SPI Dynamics WebInspect
  • Core Impact
  • Cisco Global Exploiter
  • PIXDos
    • perl PIXdos.pl [ --device=interface ] [--source=IP] [--dest=IP] [--sourcemac=M AC] [--destmac=MAC] [--port=n]
  • CANVAS
  • Inguma

Cloud Computing Security

book with ISBN: 1461194067, is now available.
Please click here to order.

Our Services:

---

Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.

Our Cloud Security Assessments provide means for customers to:

1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers.
5. select and deploy the security monitoring tools needed and customizing the flow analysis features available on routers.

Our Cloud Security Assessment evaluation will cover all aspects of security requirements.

For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select: