Archive for the ‘Code’ Category

Py Script to Update Backtrack 5 Tools

Posted by rajivvishwa On January - 12 - 2012

This Python script by the author ‘sickness’ updates many of the tools in the Backtrack suite, which would otherwise have to be updated manually.

Get the script

Screenshot

Backtrack5 Update Script


Source: backtrack-linux.org

Backtrack5 Update Script Info
App Name: Backtrack5 Update Script
License: free
Type: code
App URL: Download
More Info: link

This batch file decompiles an apk to its corresponding Java sources. Anyone who wants to do a code review of an Android app whose source code is not readily available can use this bat file. It runs various free tools available on the internet in sequence to obtain the Java source files.

This is not made to encourage piracy/plagiarism in any case.

How To

1. Extract the batch file and lib folder to C:\apk2java\ (or any folder that doesn’t have a space in its path)

2. Backup the target app’s apk from phone to PC via ASTRO Browser (check this post for details)

3. Keep the target apk in the root folder where batch file is present

Copy target apk to exec folder

4. Run ‘apk2java.bat target.apk’ in cmd

c:\apk2java>apk2java.bat target.apk

Execute Command

Process Complete


Extract Android apk from Market and Decompile it to Java Source

Posted by rajivvishwa On April - 20 - 2011

This post covers the process of extracting the apk file of any app available in the Market and then decompiling it to Java source. This can be helpful for those who perform code review (for security vulnerabilities) on apps whose source code is not available. Once the Java source code is obtained, we can either do a manual code review or run any free/commercial automated code scanner.


Gruyere is a vulnerable application which can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the types of vulnerabilities present in the application and ways to exploit them.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Jarlsberg - Hosted Vulnerable App


HTML5 CheatSheet Project

Posted by rajivvishwa On May - 14 - 2010

HTML5 is a new and upcoming technology with enough features to introduce potential security issues if not properly implemented. A new project has been started on Google Code to keep developers updated on the security concerns to keep in mind while developing their apps with HTML5.

Description of the project in the authors’ words:

This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 as well as other client side and related security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity – benefits many other related cheat sheets don’t exactly provide.


Disclosure of XSS Vulnerability in SharePoint 2007

Posted by rajivvishwa On May - 7 - 2010

An XSS vulnerability has been discovered and publicly disclosed in SharePoint Server 2007 and Microsoft Windows SharePoint Services 3.0. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment.

This vulnerability was discovered by High-Tech Bridge SA, and Microsoft was notified on 12 April 2010. As of the day of writing this post, the vulnerability remains unfixed.

Read HTBridge advisory here

Vulnerable URL:

http://TARGETSITE/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

Screenshot

SharePoint 2007 XSS Vulnerability

Read more at Microsoft Security Advisory (983438)
