Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
The tool is based on dictionaries and ranges, you choose where you want to bruteforce [...]
Seems like a social engineering type attack again relying on human ignorance and stupidity. Based around some kind of malware reporting back to a central repository.
Remember kids if a deal is too good to be true…it isn’t.
Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings [...]
Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution. It a [...]
An interesting happening this week, some ISP’s have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.
Is it ethical? Should they be doing this to their users?
I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.
You can read that e-mail [...]
Dr.Morena is a tool to confirm the rule configuration of a Firewall.
The configuration of a Firewall is done by combining more than one rule. Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration [...]
Since Ubuntu is getting so fantastically popular nowadays I thought this might be useful to some of you.
I personally think Ubuntu is great, the features, ease of installation, stability and especially the work they have done on things like wireless drivers make it a breeze to get up and running.
It is a pretty secure distro [...]
Piggy is yet another tool for performing online password guessing against Microsoft SQL servers.
It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations).
It’s a pretty simple tool and has a Win32 binary verson – it is a command line tool however.
Piggy v1.0.1 by patrik@cqure.net
——————————–
usage: piggy [options]
options:
[...]
There is a virus on the net from a long time, the damage inflicted by it is unstoppable, or at least that was though, check it out yourself
…just kidding, it does not exist but such a virus would be something great =)
Metasploit is a great tool, but it’s not the easiest to use and some people get completely lost when trying to get the most out of it.
To help you guys out here is a bunch of links, videos, tutorials and documents to get you up to speed.
You can start with this, a good flash tutorial [...]
The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.
The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for [...]
The scariest type of all, hardware vulnerabilities. Security guru and creator of OpenBSD Theo de Raadt recently announced he had found some fairly serious bugs in the hardware architecture of Intel Core 2 Duo processors.
He goes as far as saying avoid buying a C2D processor until these problems are fixed.
A prominent software developer with a [...]
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes.
The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.
This is a pretty nifty [...]
It not surprising SQL Injection and database hacking are getting more frequent as people ramp up perimeter security more often than not they forget about interior security, software application security and most of all database security.
Of the 2007 total corporate IT budget, respondents said they have allocated 34 percent for database infrastructure and 20.6 percent [...]
FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation.
Often web developers think that by disabling error messages in their [...]
Some light entertainment for once.
You all leet.
The government better watch out, RAMZI IS IN THE HIZZOUSE.
I thanksyou all.
Phew.
For this article you should thank Patrick Ogenstad and his comment on my post , because I did not know about PowerShell until he mentioned about it… so a white point for him =)
The parts that will follow are snippets from the Getting Started document that comes with it…
Abstract
Windows PowerShell™ is a new Windows command-line [...]
The Pentagon got owned pretty hard with 1,500 accounts being taken offline due to a hack attack. For once however they did admit the incident and didn’t try to cover it over or brush it off.
I guess the amount of attacks they get is exponentially more than other networks…but still, I would have thought they [...]
sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.
Databases supported:
IBM DB2
Microsoft SQL Server
Oracle
Postgres
Mysql
IBM Informix
Sybase
Hsqldb
Mime
Pervasive
Virtuoso
SQLite
Interbase/Yaffil/Firebird (Borland)
H2
Mckoi
Ingres
MonetDB
MaxDB
ThinkSQL
SQLBase
Evasion features:
Full-width/Half-width Unicode encoding
Apache non [...]
It seems after a brief scan that about 80% of sites contain common flaws that allows them to be compromised in some way, most often to create phishing sites, steal data and hijack info about clients.
An amazing 30% contain a serious vulnerability.
Eight out of ten Web sites contain common flaws that can allow attackers to [...]
ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios.
Formerly announced as ScarabMon [...]
