Ah finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone.
0-day as basically stated in the article is an exploit not known publicly or available publicly well before any patches are available, some private groups often have exploits for a year or more before someone else discovers them, [...]

Cain & Abel is easily one of our favourite password crackers here at Darknet, especially because it’s oldskool but still under development, unlike most other projects which have been abandoned as time passed.
Cain & Abel has some awesome stuff built in like native network sniffing and network password grabbing.

Cain & Abel is a password recovery [...]

Social Engineering again, someone praying on xmas spirit and good will to spread their filthy malware.
It quite often happens during festive times, someone hatches a new worm and sends it out packaged as a jolly xmas card or game.

A significant worm outbreak over the new year festivities has put paid to the notion we’ve seen [...]

SIFT has released a new Intelligence Report titled ‘A Web Services Security Testing Framework‘. The framework covers the entire web services security testing process incorporating detailed threat modelling, scoping and planning methodologies tailored specifically for web services applications.
Web services are a widely touted technology that aim to provide tangible benefits to both business and [...]

Oh look! Another 0-day in Windows…this time in Media Player, there was a few in Word lately and the latest thing that just hit is an XSS flaw in PDF files online.
I’ll report more on those later.

The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of “REF HREF” [...]

As a security consultant, job functions include Penetration Testing and Vulnerability Assessments. The aim of these types of engagements is to demonstrate risk to the customer. One of the steps involved in demonstrating risk is password auditing (”cracking”) in order to assess the strength and quality of passwords in use in the environment.
On a Windows [...]

Criminals are not stupid, cyber criminals are the same breed, perhaps even smarter than the traditionalists as they are utilising new ways of doing the same old tricks online.
Now the online criminals are recruiting fresh grads to help them push the boundaries further.

Organised crime is “grooming” a new generation of would-be cybercriminals using tactics which [...]

MTR was written by Matt Kimball, with contributions by many people. Take a look at the “AUTHORS” file in the distribution. Roger Wolff took over maintenance of MTR in october 1998.
MTR combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.

As MTR starts, it investigates the network connection between the [...]

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing [...]

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies.

AttackAPI 2.0 branch is a lot better then the 1.x. Now [...]

There’s been quite a few Microsoft related exploits recently, but not in Windows, people have moved their focus towards the application layer and the top of the OSI stack.
This time it was a 0-day Vulnerability in Microsoft Word.

The original news comes from SANS Internet Storm Center Diary (ISC).
Microsoft has reported Word 2003, Word 2002, Word [...]

Finally a replacement for the way outdated and rather crappy NmapFE!
Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool.
Now we just need a decent GUI so it fits into the whole scheme of things, and [...]

It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.
The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20.
20% of the people are sending 80% of the messages, one of the big groups is [...]

SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

Automated SQL [...]

It seems like it’s getting really serious in the Gary McKinnon case, he’s facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords.
Not like he’s really a terrorist, or did any damage…he did something very stupid though, bruised the ego [...]

Recently a bug in certain versions of PHP came to the attention of the Wordpress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to [...]

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could effort you personally or your business.
So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to [...]

This is sad news as PHP hasn’t particularly had a good security record in the past.
He has voiced his frustrations with the internal workings of the PHP team and the development process, he has been working hard to make PHP inherently more secure…But from the look of things it seems like he was having a [...]

Wep0ff is new tool to crack WEP-key without access to AP by mount fake access point attack against WEP-based wireless clients.
It uses combination of fragmentation and evil twin attacks to generate
traffic which can be used for KoreK-style WEP-key recovery.
This tool can be used to mount fake access point attack against WEP-based wireless clients.

This code tested [...]

Ah the old mythical tale of hacking your school to change your grades to straight A’s, well I know people do it, I’ve seen it in the past…but now someone has actually gotten caught for it.
And what’s more..he’s the senior class president!

Cooper City High School’s senior class president was arrested Tuesday and charged in [...]

Ah the logic bomb, a source of humour for many due to it’s frequent showing up in ‘hacking’ movies, and it’s complete mis-use.
ZOMG THE LOGIC BOMB IT’S GONNA PWN US ALL!

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting [...]

SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias Halimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil.
With SIP Proxy you will have the opportunity to eavesdrop and manipulate SIP traffic. Furthermore, predefined security test [...]

Now this is a massive growth, 8000% percent..woah!
Thankfully losses are still ‘modest’ whatever that means, I guess although the attacks grow in
number, awareness an education also increases (in places like UK anyway) so the risk is fairly well mitigated.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to [...]

Technitium MAC Address Changer v4 (TMACv4 C4) has been officially released.
Technitium MAC Address Changer allows you to change Machine Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample of information regarding each NIC in the machine. [...]

The famous Phenoelit Default Password List has been updated, it’s been quite some time since an update.

http://www.phenoelit.de/dpl/dpl.html
This is a must have resource on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch

Web Hack Control Center is a GUI based web server vulnerability scanner or assessment tool. This application gives you the means to identify which security vulnerabilities exist on your web servers by scanning them for the most popular server exploits. WHCC contains a database of thousands of exploits for a variety of web servers. This [...]

This is a bit of hacking in the original sense of the word, taking a $60 router and giving it the capabilities of something costing in the hundreds or thousands (enterprise level).

Of all the great DIY projects at this year’s Maker Faire, the one project that really caught my eye involved converting a regular old [...]

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts).
Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux.

Basically Burp suite is [...]

Now Vista is actually out we haven’t heard much about it, before it’s commercial release however there was a lot of flaws released and discussion about the (in)security of the OS. The architecture does seem a lot better..
But still it’s from Microsoft, how long until we get a remote root exploit giving the highest level [...]

Introducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications.
Odysseus is a tool designed for testing the security of web applications.
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy [...]

Towards the end of last year Cafepress.com came under heavy DDoS attack (Distributed Denial of Service) which took it down for some time.
The problem with DDoS attacks is there’s not much you can do to prevent it, if that guy has enough zombies resulting in enough bandwidth, you are going down.
DDoS attacks have gotten pretty [...]

Caecus is a unique tool which can bruteforce some OCR form based protections.
As far as we know at Darknet, this is the only publicly available OCR brute forcing tool.
These scripts generates a digital image as an extra layer of security called OCR. Some versions of this script also use session id’s to keep track [...]

As always, spam filters get better and smarter, but so do spammers..and frankly spammers have more to gain by beating the spam filters so they always work harder and think in more innovative ways.
As they get their spam resembling real emails more and more, the spam filters become less accurate.
On top of that they start [...]

Feature Overview - The Secunia Software Inspector:

Detects insecure versions of applications installed
Verifies that all Microsoft patches are applied
Assists you in updating your system and applications
Runs through your browser. No installation or download is required.

How Does it Work:

The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise applications on your system. The detected [...]

Yes it’s been exactly one year since Darknet was relaunched in it’s new form supported by Wordpress and a variety of posts about tools, tutorials and the latest news from the information security and specifically ethical hacking areas.
The first post of the new site:
Welcome to Darknet - The REBIRTH
It’s been an interesting year with 2 [...]

Google started the new year by fixing a serious vulnerability in Gmail.
This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage.

Google has fixed a vulnerability [...]

AccessDiver is a security tester for WEB sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses from your web site.
AccessDiver can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories [...]

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994.
Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS.
The following will give you root on a lot of Solaris systems:
telnet -l “-froot” [hostname]
Cool eh?

The Internet Storm Center is urging system administrators to disable or restrict telnet [...]

THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment.
It supports a LOT of services and protocols too.
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. [...]

A pretty cool song about RFID and RFID hacking from Monochrom.at.
Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’.

Users, there’s trouble ahead
I said users, it is totally sad
But users, the future lies in your hand
Cause it’s all about surveillance
Comrades, you don’t know [...]

sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities.

Features

Test [...]

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought).
Once again an XSS flaw shows up in MySpace.

digi7al64 found yet another hole in myspace using non-alpha-non-digit exploit. Again, [...]

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can [...]

I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.
The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.
It’s ok [...]

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.
A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.
So if [...]

LFT
LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al.
What makes LFT [...]

This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.
Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.

Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor [...]

ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network.
It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other tools [...]

It’s good to have a variety of Operating Systems in your hacking lab at home, it helps you get familiar with them..as to break things, you have to know how they work first.
So get to know Solaris, they have some pretty neat security related software inside their OS and generally are pretty good when it [...]

Michael Daw has collected some WEB backdoors to exploit vulnerable file upload facilities and others. It’s a pretty useful library for a variety of situations, especially for those doing web application security audits and web app security.
Understanding how these backdoors work can also help security administrators implement firewalling and security policies to mitigate obvious attacks.

All [...]

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China, it was widely publicised nor talked about much.
But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.
It was even Slashdotted on January 20th 2007, the article [...]

Handy Recovery is pretty neat software, there is occasions when I’m using Windows and I need to recover something or I’ve deleted something by mistake (I have a habit of using SHIFT+DEL so it’s not even in the recycle bin.
I usually use Active Undelete and was pretty happy with it, I got a chance to [...]

…finally after three months of inactivity (exams, parties and so) I made some time to write this virus and this article… so for the ones who read this series… ENjOY =)
The Old School Virus
Yeah, I gave up writting infant-b because even the [a] version was full of bugs, and had to logicaly restructure the code [...]

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious [...]

Of course it’s a small article about md5… I really wondered how many Micro$oft Windows users check the md5 sum of programs that they download from the internet…
Do you really trust that much the mirror websites?
Even I could set up a mirror website for any download website and spread malformed packages to include, trojans, backdoors, [...]

Some sneaky hacker got into the Wordpress download server and placed a backdoor in the latest available version (2.1.1).
Luckily within a day someone reported the exploit to the Wordpress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in [...]

An Austrian web site called AV Comparatives has done an ‘independent‘ test of 17 different Anti-Virus products and released the results online.
On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, [...]

There are not many good tools for replaying traffic, most people use WireShark (formely known as Ethereal) for capturing the traffic, but what happens if you want to take that capture and reply it over the wire?
Someone has this problem so they decided to code their own solution, thankfully for us! There are quite a [...]

It didn’t take them long! A while ago some smart chaps worked out the a way to extract the HD DVD and Blu-ray Disc “volume keys” to decrypt AACS DRM on individual films (This was about 2 months ago).
Now they have cracked the scheme behind it, the so called “processing key” used to decrypt the [...]

The Common Password Problem.
Users tend to use a single password at many different web sites. By now there are several reported cases where attackers breaks into a low security site to retrieve thousands of username/password pairs and directly try them one by one at a high security e-commerce site such as eBay. As expected, this [...]

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

A new tool dealing with web sessions was recently announced, it’s called stompy, a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they’re predictable or simply vulnerable to brute-force attacks, we do have a problem.
The [...]

Ah another trojan, this time targeting MSN Live logins for. The trojan has been made public by some kind citizen calling himself “Our Godfather” on the BitTorrent network.
The sad thing is…I guess it works and hundreds of people will have installed it.

Malware designed to steal users’ Windows Live Messenger password has been released onto the [...]

ADN - Active Directory Navigator is a little tool to visually explore an Active Directory and perform a simple dictionary attack against users’ password.
You can download the tool here:

ADN - Active Directory Navigator
MD5 4a1e3bb33a25d91d7d7a70877f8374ef
SHA1 a0bf80e9426835b88cc6604784d2d949efe5645f
Notes: It requires .NET framework and PCSoft framework

It’s a scary thought to find out perhaps a quarter of Internet connected machines could be zombies…The sad part is, I think it could well be true, as most of the non tech savvy Internet users I know still use Internet Exploder and their machines are riddled with crapware, trojans, viruses and spyware.
Imagine how many [...]

Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the currently [...]

Backup Platinum is an Windows platform backup program to make another copy of your important stuff so if your PC burns/gets pwned/crashes etc you won’t lose everything.
It supports backup by Hard or USB drives, CD-R/W or DVD±R/RW media, FTP server or Local Area Network (LAN).
It’s easy enough to download and install, you can grab it [...]

Clustered Firewalls? What on earth next, beowulf IDS systems?

Check Point has added cluster support and more granular controls to its virtual firewall software, memorably named Check Point VPN-1 Power VSX NGX.
Virtual firewalls can now be distributed around a server cluster, with standby firewalls on alternative servers. System administrators can also shift processor power around, taking [...]

This Phenoelit tool called ObiWaN is written to carry out brute force security testing on Webservers.
The idea behind this is webservers with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a [...]

Well at least it shows the Internet is not very susceptible to such attacks due to its distributed nature, even if the root nameservers are down, the DNS system still functions.
This was a pretty heavy attack though and the most significant in the past 5 years or so, someone testing their ego I guess.
I CAN [...]

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
The purpose of this application is to provide a single, [...]

After the web 2.0 hacking with firefox and its plugins article I wrote some months ago, recently I found a new way to transform firefox in the ultimate pen-testing tool… actually it has been lying in my inbox for days…

…new Firefox Framework Map collection of the most useful security oriented extensions. We called the framework [...]

Agnitum Outpost Firewall Pro is a software based firewall I respect a lot, and used to actually use…It used to be fairly light weight, secure and had some good features the other firewalls at the time didn’t have (system file integrity checking and so on).

But nowadays with NAT routers, the need for desktop firewalls is [...]

Finally it’s out of BETA, Metasploit Framework Version 3.0 has been released and it’s a lot more Windows friendly.
The Metasploit Framework (”Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
ISSUE 1.10 (February 2007) - DOWNLOAD

Microsoft Windows Vista: significant security improvement?
Review: GFI Endpoint Security 3
Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
Top 10 [...]