Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: online searchable exploit code database?

from [krymson] Network Security [Permanent Link]
Subject: Re: online searchable exploit code database?
Date: 27 Nov 2006 19:45:26 -0000 
Good questions, and I hope to see a lot of replies to this.

1. a searchable database of exploit code with detailed descriptions on what it 
does with vendor link etc. I couldn't find any, at least not any free ones. I 
think he is looking for something like a wikipedia of exploit code.

This is difficult to get from vendors, even after they have patched their 
systems. They don't like publishing exploits that beat their own systems. 
Likewise, some sites/companies consider their exploits to be theirs, and not 
available to the general public. Instead, you pay huge amounts of money to 
utilize tools that utilize their exploits. :)

But there are ways to get exploits from the web anyway, although you're usually 
at the mercy of the authors on whether they comment/document the code properly 
or not.

Start out with Vuln databases which usually have links to more info:
http://osvdb.org/
http://nvd.nist.gov/

And some popular exploit/vuln sites that contain code:
http://www.milw0rm.com/
http://www.secunia.com/
http://www.securiteam.com/
http://www.offensivecomputing.net/ (I think this one has some, I'm at work and 
can't get to this site right now...)


2. a blogging community for security professionals. kind of like myspace or 
blogger.com but specialized for security professionals ( even a blog directory 
would be a good start already I think)

This is difficult right now, but you can check http://www.ittoolbox.com for 
some security guys.

Joatblog has a really nice list of links. http://www.bloglines.com/public/joat
Richard at TaoSecurity also publishes a list at bloglines: 
http://www.bloglines.com/public/TaoSecurity

My best suggestion: take an afternoon and just follow links to other blogs, 
click their links, and so on and amass a nice clutch of sites to regularly 
check or run in your RSS reader. Then tailor what works for you and which are 
useless. :) I have my own personal site with links, but I don't want to publish 
it here.

3. a collection of security publications in various formats (like SANS reading 
room but where anyone can submit a paper for free.)

Let me see if I can find some things you might be looking for here. This is 
also not as big as it could be, but a lot of security stuff bleeds into 
networking and general IT sites as well.

http://www.infosecwriters.com/
http://secgeeks.infys.net/
http://www.darkreading.com/
http://www.howtoforge.com/
http://www.techtutorials.net/

I hope this at least helps a little bit and gives you some examples. I know 
there are more out there, both what I don't know about and what I know about in 
my lists of links but am not recalling right at this moment. Good luck, and if 
you start up anything, please let us know about it!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  FW: advice for ccna certification, Carlson, Andrew (Minnesota)
Next by Date:  RE: advice for ccna certification, Chernishev Viacheslav
Previous by Thread:  online searchable exploit code database?, Florian Rommel
Next by Thread:  Re: online searchable exploit code database?, Suchomsky Dennis
Indexes:  [Date] [Thread] [Top] [All Lists]