Thursday 17 February 2011

Security Websites

Herewith, just some bookmarks to websites covering network security topics. 
Standard caveats apply...
  • These resources are intended for use by pentesters (IT security consultants) as part of an authorized security test.   Pentesters get called in when a company wants an independent check on the security of its internet & intranet infrastructure, web applications, or whatever.
  • Never probe or attack any machine without the consent of the owner and any interested third parties.
    • Never run an exploit you found on the Internet unless you have read the code, understood it, and (where appropriate) changed the payload to something you trust. 
    • Home users: Please don't panic if your IP address is probed from the Internet.  The scanning box was probably compromised without its owner's knowledge, so responding in kind is pointless as well as illegal. Sustained or intense attacks should be reported to the Abuse contact for the domain, or for the IP, or for the IP block (but not all three).  The system owner probably doesn't realise his box has been owned.   But don't bother reporting brief probes: it happens all the time.  90% of abuse reports are bogus anyway, so don't bother the Abuse contacts with trivia.
    Where to Start
    Vulnerability Announcements & Discussions
    Exploit Archives


    1. The Metasploit megaprimer has been re-created with the latest advances and also with a certification: Testimonials look good.

    2. Thanks for the note. SecurityTube's Wireless Security Megaprimer is very good too.


    Spammers: please stop wasting my time. All comments are moderated before publication.