Archive | June, 2007


29 June 2007 | 9,488 views

OAPScan – Oracle Application Server Scanner

We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner. It detects web pages, DADs (Database Access Descriptors) and test applications installed by default. It may be useful for system hardening and pen-test. You can download OAPScan here: OAPScan.tar.gz

Continue Reading


28 June 2007 | 6,284 views

VBootkit Bypasses Vista’s Digital Code Signing

At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read. In a demonstration, the [...]

Continue Reading


27 June 2007 | 10,776 views

ProxyFuzz – MITM Network Fuzzer in Python

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication. ProxyFuzz is a good tool [...]

Continue Reading


26 June 2007 | 11,601 views

The Kcpentrix Project – Penetration Testing Toolkit LiveDVD

The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators What’s New in KcPentrix 2.0 Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a [...]

Continue Reading


25 June 2007 | 6,899 views

Hackers Invited to Crack Internet Voting

This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system. I think it’s a great initiative from the International Foundation for Electoral System. Local and foreign computer hackers will be tapped to [...]

Continue Reading


22 June 2007 | 12,866 views

sqlninja 0.1.2 Released for Download – SQL Injection Tool

sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]

Continue Reading


21 June 2007 | 9,559 views

AOL Has An Odd Password System

An interesting snippet from last month, AOL seems to have a strangely configued password system. Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters. A reader wrote in Friday with an interesting observation: [...]

Continue Reading


20 June 2007 | 13,241 views

Fake NetBIOS Tool – Simulate Windows Hosts

Some cool free tools made by folks from the French Honeynet Project. FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are: FakeNetbiosDGM (NetBIOS Datagram) FakeNetbiosNS (NetBIOS Name Service) Each tool can be used as a standalone tool or as a honeyd responder or subsystem. FakeNetbiosDGM sends [...]

Continue Reading


19 June 2007 | 5,950 views

Government Accountability Office Report Slams FBI Internal Security

Ah, FBI slammed again, it’s not the first time this has happened. Remember when a Consultant Breached FBI’s Computers? It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it [...]

Continue Reading


18 June 2007 | 24,240 views

Trinity Rescue Kit – Free Recovery and Repair for Windows

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. It is possible to boot TRK in three different ways: As a bootable CD which you can burn yourself from a downloadable isofile From a [...]

Continue Reading