New NBTEnum version

Those who perform penetration tests probably already know this tool. Ok, a new version was just released. Even if you don't use it, visit Reed Arvin site, there are lots of great tools there.

Bejtlich and SANS Top 20

I thnk that Richard Bejtlich is being a little picky about this subject, but he still got his point. Even in a work with such good content as the Top 20, basic concept mistakes can jeopardize its value. A document like this is read and used by lots of people, spreading the mistakes throughout the field. Hey SANS guys, instead of criticizing, why not try the CISSP? It won't hurt, it'll only add value (and it's not even something that Bejtlich will agree with me, given his opinion on this cert).

Mistakes with vulnerabilities and threats concepts is something that a CISSP doesn't usually do, even if with very bad technical skills. Mix the technical skills provided by SANS with solid fundamentals from the CBK. That's the source of an incredibly valuable Top 20 document.

MS06-070

Should I still need to say that this one is critical (well, MS already did that)?

Every time that there is a vulnerability in core Windows services, like "Server" and "Workstation", it smells like worm spirit. There is a relatively new fact that needs to be remembered these days...

Microsoft is pushing its processes to find illegal copies of Windows inside its updating system. I believe that in the last months several illegal copies that were being regularly updated are not doing that anymore. I know that personal firewalls and SoHo routers are more present, but I won't be surprised if a new worm finds more success than the last ones because of this.

New sysinternals tool

Those that constantly need to study trojans and viruses behaviour, or to debug "LUA bugs" in Windows applications, probably already know Sysinternal tools Filemon and Regmon. I always wondered why there wasn't a tool combining both. Now there is.