It’s good to have a variety of Operating Systems in your hacking lab at home, it helps you get familiar with them..as to break things, you have to know how they work first.
So get to know Solaris, they have some pretty neat security related software inside their OS and generally are pretty good when it [...]
ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network.
It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other tools [...]
This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.
Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.
Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor [...]
LFT
LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al.
What makes LFT [...]
Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.
A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.
So if [...]
I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.
The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.
It’s ok [...]
Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can [...]
This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought).
Once again an XSS flaw shows up in MySpace.
digi7al64 found yet another hole in myspace using non-alpha-non-digit exploit. Again, [...]
sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities.
Features
Test [...]
A pretty cool song about RFID and RFID hacking from Monochrom.at.
Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’.
Users, there’s trouble ahead
I said users, it is totally sad
But users, the future lies in your hand
Cause it’s all about surveillance
Comrades, you don’t know [...]
THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment.
It supports a LOT of services and protocols too.
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. [...]
Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994.
Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS.
The following will give you root on a lot of Solaris systems:
telnet -l “-froot†[hostname]
Cool eh?
The Internet Storm Center is urging system administrators to disable or restrict telnet [...]
AccessDiver is a security tester for WEB sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses from your web site.
AccessDiver can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories [...]
Google started the new year by fixing a serious vulnerability in Gmail.
This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage.
Google has fixed a vulnerability [...]
Yes it’s been exactly one year since Darknet was relaunched in it’s new form supported by Wordpress and a variety of posts about tools, tutorials and the latest news from the information security and specifically ethical hacking areas.
The first post of the new site:
Welcome to Darknet - The REBIRTH
It’s been an interesting year with 2 [...]
Feature Overview - The Secunia Software Inspector:
Detects insecure versions of applications installed
Verifies that all Microsoft patches are applied
Assists you in updating your system and applications
Runs through your browser. No installation or download is required.
How Does it Work:
The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise applications on your system. The detected [...]
As always, spam filters get better and smarter, but so do spammers..and frankly spammers have more to gain by beating the spam filters so they always work harder and think in more innovative ways.
As they get their spam resembling real emails more and more, the spam filters become less accurate.
On top of that they start [...]
Caecus is a unique tool which can bruteforce some OCR form based protections.
As far as we know at Darknet, this is the only publicly available OCR brute forcing tool.
These scripts generates a digital image as an extra layer of security called OCR. Some versions of this script also use session id’s to keep track [...]
Towards the end of last year Cafepress.com came under heavy DDoS attack (Distributed Denial of Service) which took it down for some time.
The problem with DDoS attacks is there’s not much you can do to prevent it, if that guy has enough zombies resulting in enough bandwidth, you are going down.
DDoS attacks have gotten pretty [...]
Introducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications.
Odysseus is a tool designed for testing the security of web applications.
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy [...]
