About InfoSec

InfoSec Institute is the best source for high quality information security training. We have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. In the past 16 years, over 50,000 individuals have trusted InfoSec Institute for their professional development needs!

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
This was written solely for educational purposes. Use it at your own risk. The author will be not responsible for any damage. // r0073r

Learn about the latest online threats.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.

At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.

Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.

Having this as hobby project I usually have time to focus on following only single malware threat at a time - now I have main focus on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes to tracker database here and there, but in general I do not verirify or follow on those. This site is considered to be mainly research platform and directly using the data for blacklisting is not recommended. At least you should make sure to filter out with some reasonable whitelist. For example if some malware will be connecting to for example 'http://google.com/70.exe?1' (as Teslacrypt did to query connection) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did) then such links can be found in the listings of tracker although I am not saying the sites as such should be blocked.

Hurricane Electric operates its own global IPv4 and IPv6 network and is considered the largest IPv6 backbone in the world as measured by number of networks connected. Within its global network, Hurricane Electric is connected to over 150 major exchange points and exchanges traffic directly with more than 6,000 different networks. Employing a resilient fiber-optic topology, Hurricane Electric has no less than four redundant paths crossing North America, two separate paths between the U.S. and Europe, and rings in Europe and Asia. In addition to its vast global network, Hurricane Electric owns and operates two data centers in Fremont, California - including Hurricane Electric Fremont 2, its newest 200,000 square-foot facility. Hurricane Electric offers IPv4 and IPv6 transit solutions over the same connection. Connection speeds available include 100GE (100 gigabits/second), 10GE, and gigabit ethernet.

Cisco's SenderBase.org provides a view into real-time threat intelligence across web and email. SenderBase is powered by Cisco Talos, the industry-leading threat intelligence organization dedicated to providing protection before, during, and after cybersecurity threats. The data is made up of over 100TB of daily security intelligence across over 1.6 million deployed Web, Email, Firewall and IPS appliances. Talos detects and correlates threats in real time using the largest threat detection network in the world spanning web requests, emails, malware samples, open source data sets, endpoint intelligence, and network intrusions. SenderBase is able transform some of Talos's data into actionable threat intelligence and tools to improve your security posture.

Welcome to the 'Scan of the Month' challenge. The purpose of these challenges are to help the security community develop the forensic and analysis skills to decode real attacks. It can be difficult finding real attacks that you can analyze and share your results with the community. These challenges address that problem. This is done by taking attacks we have captured in the wild and challenging the security community to decode them. Unfortunately, due to resource limitations, we can no longer provide a new challenge every month.

Here's a collection of Web Services related tools for Windows, some of these support both PocketPC & Desktop variations of Windows.

Here's a collection of applications & developer tools for use with Salesforce.com, these are mostly for Mac OSX.

Find your smartphone or tablet on the right side and head over to download the Framaroot APK and root your device.

Using framaroot is very easy and you shouldn't encounter any problem with it.

If you want to unroot your device after you've rooted it, that's also possible. You will have to flash a stock ROM and your device will be instantly unrooted.

There are many ways to make a presence on the web and a website is just one of them. Other types of web presence include social media channels and sites that allow customers to review your business. Before you start making a website, make sure you understand what’s provided by the different types of web presence and the costs and benefits associated with each type.

Nice apps, projects and dev stuff

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.

The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

ThreatMiner is designed to be an analyst's first portal to visit when doing threat research and here's why.

Threat intelligence and intrusion analysts who regularly perform research into malware and network infrastructure often find the need to rely on mutliple websites that individually holds a small piece of the larger puzzle.

Furthermore, it is often the case where pivoting directly from an open source research report is unavailable and that it is sometimes difficult to remember if an indicator has alredy been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.

We are a group of people from various parts of the world, who like to experiment with computers. We hope that we can provide some information back to the public and support the ongoing process of learning. Our group is involved in various research and projects such as Hardware Hacking, BackTrack, Exploit Development, Online Information Security Training, and various other aspects of network security.

API Platform Core is an easy to use and powerful library to create hypermedia-driven REST APIs. It is a component of the API Platform framework. It can be used standalone or with the Symfony framework (recommended).

It embraces JSON for Linked Data (JSON-LD) and Hydra Core Vocabulary web standards.

Build a working and fully-featured CRUD API in minutes. Leverage the awesome features of the tool to develop complex and high performance API-first projects.

If you are starting a new project, the easiest way to get API Platform up is to install the API Platform Standard Edition.

sebsauvage.net est le site "perso" d'un internaute qui travaille dans l'informatique.

On y trouve:
Ses coups de gueule.
Des explications sur l'informatique.
Une sélection de logiciels.
Des conseils pour sécuriser votre ordinateur.
Diverses autres choses: programmation Python, un logiciel qui créé des images (webGobbler), des instructions pour créer gratuitement des PDF, etc.

Kaggle has a huge community of data scientists who come to compete in machine learning competitions. In our next chapter, we're building a platform that allows data scientists to share and collaborate as well as compete. We need your help.

One of the many wonderful aspects about cosplay is that you can create something awesome from an item as mundane as a bottle cap. Well, several of them. Josh used 3,284 beer caps to construct a suit of armor and became the Capped Crusader.

PwnWiki.io is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained.
We want/need your help! Please contribute to this project is via GitHub (https://github.com/pwnwiki/pwnwiki.github.io). That allows us to get your project-ready content incorporated into the wiki fast.

Netflix doesn’t publish a list of all those genres, so we’ve done the hard work and created the world’s largest list of Netflix genres with over 27,002 genres. You can see the full list below, and you can filter it according to genre, description and decade. Click on the link for any genre to open it in Netflix, right in your browser. (For instance, “Biographical 20th Century Period Pieces About Fame” is genre 77456.)

La communauté FrameIP partage gratuitement ses documentations et codes source concernant le monde des réseaux TCPIP.

Visité par plus de 5000 personnes par jours, FrameIP.com nécessite un hébergement performant, une richesse des documentations et un entretient permanent.

Pour continuer à encore mieux partager, votre participation à la communauté sera la bienvenue.

The Foofus.Net team is an assortment of security professionals and wannabes located somewhere in the Midwestern United States. This site exists to support the various tools and ideas that we’ve made public, along with aiding to fill our DefCon beer fund.

Welcome to PunkSPIDER: a global web application vulnerability search engine.
Deeper, faster, harder scans

How to display an RSS feed with a single PHP function? The URL of the file may be

• local, in the form: rss.xml, or
• distant in the form: http://www.scriptol.com/rss.xml.

There is only one difference, if the filename has the ".php" extension when it is generated by a CMS or such software, locally the file is processed by the server as a text file while remotely it is processed as a script. There is no difference if the extension is ".xml".

The script is compatible with:

• RSS 2.0 (that is compatible with 0.91, 0.92 etc.)
• RSS RDF or RSS 1.0.
  Actually the script extracts the title, link and description tags and ignores the format of structure of the document.
  The benefit of PHP to display an RSS feed is that it will be visible by search engines.

Sylius is the first eCommerce framework. Developed with the newest methodologies and using PHP and Symfony as a foundation. Discover how easy and pleasant it is to work with it. Just enjoy being a developer again.

Discover the best practices that fit the philosophy of the framework as envisioned by its original creator Fabien Potencier. Learn a new pragmatic vision for Symfony application development and boost your productivity.

Welcome to slepp.ca. Presently, not a lot to see here. The goal is to finally put some wrappings around all the projects and stuff I've collected over the years. I'll likely resurrect the content from Geeks Anonymous and my other sites and toss it into here.

urlQuery is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.

A helpful set network utilities for Windows operator and network administrators. All of the tools supports the following features:

Command line interface (CLI)
Designed for use in script/batch files
Ready for IPv4 and IPv6 networks
Windows XP – 10 compatible