Archive | February, 2007


28 February 2007 | 8,835 views

Sun Solaris 10 – Free Offer – Media DVD

It’s good to have a variety of operating systems in your hacking lab at home; it helps you get familiar with them, because to break things you have to know how they work first. So get to know Solaris: they have some pretty neat security-related software inside their OS and generally are pretty good when [...]



26 February 2007 | 18,799 views

ADTool – Active Directory Domain Listing Tool

ADTool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network. It is intended to help pentesters and admins in their day-to-day work. There are some other tools that can accomplish the work of listing domain servers, but unfortunately all other [...]



25 February 2007 | 4,758 views

Defense Workers Warned About Spy Coins for Espionage

This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie. Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside. Can the coins jingling in your pocket trace your movements? The Defense Department is warning its [...]



23 February 2007 | 7,835 views

LFT – Layer Four Traceroute and WhoB

LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What [...]



22 February 2007 | 5,025 views

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment. [...]



21 February 2007 | 3,788 views

Why Blurring or Mosaicing Important Information is a BAD Idea

I saw a pretty interesting article a few days ago attempting to reverse engineer the mosaic tool often used online to obscure sensitive or confidential information. The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured. [...]



20 February 2007 | 11,109 views

Fierce Domain Scanner Released – Domain Reconnaissance Tool

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can [...]



19 February 2007 | 10,272 views

Another 0-day MySpace XSS Exploit

This was a while ago, but once again it’s unsurprising given the number of security holes that have been discovered in MySpace (considering they hold some pretty confidential info and are a preying ground for paedos, it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in MySpace using non-alpha-non-digit [...]



17 February 2007 | 14,953 views

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in Python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantage of web application programming security flaws which lead to SQL injection vulnerabilities. [...]



15 February 2007 | 56,401 views

The RFID Song from Monochrom

A pretty cool song about RFID and RFID hacking from Monochrom.at. Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’. Users, there’s trouble ahead / I said users, it is totally sad / But users, the future lies in your hand / Cause it’s all [...]
