methodology,checklists, tools, vulnerable webapps

et aussi http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/

via G+ ... à verifier !

Comment désactiver la mise à jour automatique vers Windows 10 http://korben.info/desactiver-mise-a-jour-windows-10.html
Sur Win7 ne pas installer:
https://support.microsoft.com/fr-fr/kb/3035583
https://support.microsoft.com/fr-fr/kb/2952664

https://www.askwoody.com/2016/what-are-the-differences-between-kb2952664-kb3150513-and-the-naughty-kb3035583/

voir une liste de aout 2015 https://www.hackread.com/microsoft-updates-spy-on-windows7-8-users/

et http://korben.info/windows-10-bloquer-mise-a-jour.html --> https://www.grc.com/never10.htm

via http://sebsauvage.net/links/?UPEyYg

ici: http://www.hit.bme.hu/~buttyan/publications/PekBB13acmcsur.pdf
ou là: http://profsandhu.com/cs6393_s14/csur_hw_virt_2013.pdf

autre (2010) http://www.univ-orleans.fr/lifo/prodsci/rapports/RR/RR2010/RR-2010-06.pdf

trouvé sur http://tic-et-net.org/2013/02/14/partage-de-connexion-wifi-sous-windows/
à la main quand ça fonctionne http://tic-et-net.org/2011/08/24/windows-seven-en-point-daccs-wifi/
illustré http://tic-et-net.org/2011/08/24/windows-seven-en-point-daccs-wifi/

merci http://sebsauvage.net/links/?pWRlPw

se sortir du merdier autour de la gare

salle Berlioz ::)

téléphone maison ...
via http://sebsauvage.net/links/?jJC4rA

By exporting variable SSLKEYLOGFILE

Powermate VL370
la brocante de mamie http://www.solidura.fr/

cartes wifi possibles?
PCI TP-LINK TL-WN851ND https://wikidevi.com/wiki/TP-LINK_TL-WN851ND Atheros AR9227
PCI-E TP-LINK TL-WN881ND PCI-E TL-WN881ND Atheros AR9287

install wine http://doc.ubuntu-fr.org/wine

la plus simple: paste -s -d+ infile|bc
plus cool: dc -f infile -e '[+z1<r]srz1<rp'
et pour améliorer ma solution usuelle: (cat infile tr '\n' '+'; echo 0) |bc -l

Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3825
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status/#.VcjWqp5VhBc

https://github.com/bmatzelle/gow

The new vuln glories in the name XSA-138, aka CVE-2015-5154 and means “An HVM guest which has access to an emulated IDE CDROM device (e.g. with a device with "devtype=cdrom", or the "cdrom" convenience alias, in the VBD configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.”

nmap tn3270, cics, nje ...

• http://mainframed767.tumblr.com/post/126213072538/all-the-kick-ass-demos-from-my-defcon-23-talk