Advertisement
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015
SecLists @ BlackHat Arsenal 2015

Check these out next

Racing The Web - Hackfest 2016
Racing The Web - Hackfest 2016
Aaron Hnatiw
Lie to Me: Bypassing Modern Web Application Firewalls
Lie to Me: Bypassing Modern Web Application Firewalls
Ivan Novikov
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
Jwt == insecurity?
Jwt == insecurity?
snyff
BruCon 2011 Lightning talk winner: Web app testing without attack traffic
BruCon 2011 Lightning talk winner: Web app testing without attack traffic
Abraham Aranguren
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfm
qqlan
Finding Needles in Haystacks
Finding Needles in Haystacks
snyff
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
Abraham Aranguren
1 of 10

SecLists @ BlackHat Arsenal 2015

Aug. 13, 2015
Download to read offline
Technology

Our BlackHat Arsenal talk on the SecLists project.

Daniel Miessler
Director of Advisory Services at IOActive
Advertisement
Advertisement
Advertisement

Recommended

How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...bugcrowd200.5K views82 slides
Polyglot payloads in practice by avlidienbrunn at HackPraPolyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPraMathias Karlsson14.2K views49 slides
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webFelipe Prado79 views84 slides
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd12.2K views82 slides
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd7.8K views58 slides
Flash it baby!Flash it baby!
Flash it baby!Soroush Dalili7.6K views41 slides

More Related Content

Slideshows for you(20)

Racing The Web - Hackfest 2016Racing The Web - Hackfest 2016
Racing The Web - Hackfest 2016
Aaron Hnatiw3K views
Lie to Me: Bypassing Modern Web Application FirewallsLie to Me: Bypassing Modern Web Application Firewalls
Lie to Me: Bypassing Modern Web Application Firewalls
Ivan Novikov33.7K views
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff940 views
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
snyff18.5K views
BruCon 2011 Lightning talk winner: Web app testing without attack trafficBruCon 2011 Lightning talk winner: Web app testing without attack traffic
BruCon 2011 Lightning talk winner: Web app testing without attack traffic
Abraham Aranguren4.1K views
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfm
qqlan18.2K views
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystacks
snyff4.3K views
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
Abraham Aranguren8.4K views
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
Pichaya Morimoto3.9K views
Vulnerabilities in data processing levelsVulnerabilities in data processing levels
Vulnerabilities in data processing levels
beched4.8K views
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
snyff6.5K views
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
snyff985 views
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
snyff627 views
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesome
James Turnbull28.5K views
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
Krzysztof Kotowicz9.7K views
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackers
VeilFramework3.4K views
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
beched3.3K views
ZeroNights - SmartTV ZeroNights - SmartTV
ZeroNights - SmartTV
Sergey Belov636 views
關於SQL Injection的那些奇技淫巧關於SQL Injection的那些奇技淫巧
關於SQL Injection的那些奇技淫巧
Orange Tsai5.2K views
Nginx warheadNginx warhead
Nginx warhead
Sergey Belov1.7K views

More from Daniel Miessler(13)

The OWASP Game Security FrameworkThe OWASP Game Security Framework
The OWASP Game Security Framework
Daniel Miessler705 views
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
Daniel Miessler382 views
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack Surface
Daniel Miessler1.3K views
The Game Security FrameworkThe Game Security Framework
The Game Security Framework
Daniel Miessler415 views
Evolution of The ApplicationEvolution of The Application
Evolution of The Application
Daniel Miessler315 views
Implementing Inexpensive Honeytrap TechniquesImplementing Inexpensive Honeytrap Techniques
Implementing Inexpensive Honeytrap Techniques
Daniel Miessler1.3K views
Securing Medical Devices Using Adaptive Testing MethodologiesSecuring Medical Devices Using Adaptive Testing Methodologies
Securing Medical Devices Using Adaptive Testing Methodologies
Daniel Miessler1.8K views
Peak Prevention: Moving from Prevention to ResiliencePeak Prevention: Moving from Prevention to Resilience
Peak Prevention: Moving from Prevention to Resilience
Daniel Miessler2.5K views
Adaptive Testing Methodology [ ATM ]Adaptive Testing Methodology [ ATM ]
Adaptive Testing Methodology [ ATM ]
Daniel Miessler1.1K views
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015
Daniel Miessler6.7K views
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
Daniel Miessler1K views
The Real Internet of Things: How Universal Daemonization Will Change EverythingThe Real Internet of Things: How Universal Daemonization Will Change Everything
The Real Internet of Things: How Universal Daemonization Will Change Everything
Daniel Miessler2.8K views
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler9.6K views
Advertisement

Recently uploaded(20)

如何办理一份高仿南达科他大学毕业证成绩单?如何办理一份高仿南达科他大学毕业证成绩单?
如何办理一份高仿南达科他大学毕业证成绩单?
aazepp3 views
solar panel.pptxsolar panel.pptx
solar panel.pptx
AbdulberBaig3 views
【本科生、研究生】美国南达科他大学毕业证文凭购买指南【本科生、研究生】美国南达科他大学毕业证文凭购买指南
【本科生、研究生】美国南达科他大学毕业证文凭购买指南
sutseu0 views
PEMBANGKIT_1.pptPEMBANGKIT_1.ppt
PEMBANGKIT_1.ppt
DediTriLaksono11 view
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
ssuser4b1f480 views
【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南
【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南
akuufux0 views
Pill Camera.pptxPill Camera.pptx
Pill Camera.pptx
Md Refatul Amin Refat0 views
如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?
如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?
aazepp0 views
Excel 2010.docxExcel 2010.docx
Excel 2010.docx
RobertoMarcelinodaSi15 views
jenkins.pptxjenkins.pptx
jenkins.pptx
Orco10 views
ChIP-Sequencing ChIP-Sequencing
ChIP-Sequencing
Hajra Qayyum0 views
Crewlogout OverviewCrewlogout Overview
Crewlogout Overview
livestimes0 views
Raspberry pi presentation.pptxRaspberry pi presentation.pptx
Raspberry pi presentation.pptx
FrankAnthonyChin0 views
【本科生、研究生】美国德鲁大学毕业证文凭购买指南【本科生、研究生】美国德鲁大学毕业证文凭购买指南
【本科生、研究生】美国德鲁大学毕业证文凭购买指南
sutseu0 views
【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南
【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南
sutseu0 views
presentation.pdfpresentation.pdf
presentation.pdf
Mahdi_Fahmideh0 views
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
JohnMathewPhilip0 views
Bosch BSG8_8100 Service Manual.pdfBosch BSG8_8100 Service Manual.pdf
Bosch BSG8_8100 Service Manual.pdf
ssuser78bec110 views
Technology Companies Development StoryTechnology Companies Development Story
Technology Companies Development Story
Hamidreza Soleimani0 views
What are the Reactjs PropertiesWhat are the Reactjs Properties
What are the Reactjs Properties
TutorialsFreak0 views

SecLists @ BlackHat Arsenal 2015

  1. SecLists The pentester’s companion
  2. Why SecLists
  3. Integrations ✓ Burp ✓ Kali ✓ Other distros ✓ Other tools
  4. Contribution ✓ Submit via GitHub ✓ Submit via pull request ✓ Submit lists ✓ Submit recommendations ✓ Flame
  5. Attribution
  6. ✓ Kali ✓ Burp, ZAP ✓ Expanding Polyglots ✓ Expanding magic strings ✓ Expanding DOM XSS lists ✓ Dangerous functions ✓ SSRF file handlers ✓ Killer scripts ✓ NetSec lists / syntax / etc ✓ net use, nmap, tcpdump,
 psexec, metasploit, sqlmap, 
 hydra, medusa, ncrack, netstat,
 ncat, , project++
  7. SecLists The pentester’s companion
  8. SecLists The pentester’s companion ✓ https://github.com/danielmiessler ✓ @danielmiessler ✓ daniel@danielmiessler.com ✓ https://github.com/jhaddix ✓ @jhaddix ✓ j.haddix56@gmail.com https://github.com/danielmiessler/SecLists
Advertisement