"… -pT:21-23,25,53,80-81,110,119,137,143,161,443,445,465,623,993,995,1023,1434,1900,2323,3306,3389,5000-5001,5432,5560,5632,5900,6379,7777,8000,8080,8129,8443,9200,11211,27017,28017 …"

Integrating nmap with Shodan.

References

  1. Fliters
  2. FAQ

Tags: shodan nmap

A recent CISSP & CEH certified applicant trying to walk me through what a NOP sled is

securityreactions:

by Three18

Further information cmlh.id.au/tagged/ceh

Tags: ceh grubbgate

Tags: grubbgate

Detective Superintendent Brian Hay of Queensland Police Service (QPS) has blocked me on Twitter.

Detective Superintendent Brian Hay of Queensland Police Service (QPS) has blocked me on Twitter.

Tags: grubbgate qps

"My guess is that RSA didn’t know anything was amiss and when a large customer comes in with technical changes that don’t really matter you just do them. I think RSA was more a victim here, and I think it’s been unfortunate that over the last couple of months they haven’t been able to tell their story clearly."

http://www.theregister.co.uk/2014/02/27/qa_schneier_on_trust_nsa_spying_and_the_end_of_us_internet_hegemony/

Tags: RSA bsafe

EC Council compromised 3 times so far, now I’m waiting to see how many more times they’ll get compromised.

securityreactions:

by @InterN0T

gr

Tags: ceh grubbgate

'certified ethical hacker' on my resume.

securityreactions:

image

by john

http://cmlh.id.au/search/ceh

Tags: grubbgate ceh

I have just uploaded the latest mirror of various Maltego Entities to SourceForge, including those recently released from shodan.io

I have moved this from Google Code since the download feature has been deprecated.

Tags: maltego shodan

snapchatme:

Occasionally computer security professionals and other helpful people reach out to us about potential bugs and vulnerabilities in Snapchat. We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us.

Since I have some experience in disclosing vulnerabilities in Social Media I would agree with SnapChat’s position in this specific instance since throttling of an API results in the exfiltration taking more time and is against the business driver for fast web services.

Wayback Machine has mirrored the SQL and CSV dump at https://web.archive.org/web/20140101043605/http://www.snapchatdb.info/

Furthermore, the obfuscation of each phone number is poor, i.e. there are ~45 different combinations of [1-9][1-9] in the SnapchatDB release.