Network visualization with Cisco ASA

I've implemented a lot of Cisco firewalls over the years, and one common thing that was missing was a method of doing external traffic analysis beyond syslog/snmp. Fortunately in recent versions of the ASA code Cisco has added support for Netflow output.

The only catch to this is that is generates Netflow V9 output (v5 is more commonly used). The only missing piece is a netflow collector. I have setup Scrutinizer and so far I'm very pleased.

Web-app punching bag

Chuck Willis over at Mandiant released a web application penetration testing Virtual Machine. This can be handy for learning the ropes, also an alternative to WebGoat (WebApp testing suite).

RIP milw0rm , new exploit repository at remote-exploit

It appears that the guys over at remote exploit have moved in to fill the space left behind after milw0rm quit updating. One of the nice things about the exploit site @ Offsec is that they will occasionally include a link to the vulnerable version of the application which is great for testing.

Security Binge - New hacking podcast

They cover a cool things here, the coolest being GPU-accelerated password cracking. I knew that your GPU could be used in conjunction with your CPU, but I didn't realize how much faster it becomes.

http://securitybinge.com/updates/2009/11/14/securitybinge-episode-002.html

Link to developer of BarsFW and code
http://3.14.by/en/