Archive | August, 2007


31 August 2007 | 46,224 views

Download pwdump6 and fgdump version 1.6.0 available now.

New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!). For those that don’t know what pwdump or gfdump are.. pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on [...]

Continue Reading


30 August 2007 | 7,822 views

Microsoft UK Defaced by Saudi Hackers

A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes. This was less than a month after Technet got owned. I don’t think they are ever going [...]

Continue Reading


29 August 2007 | 10,268 views

FireCAT 1.1 Released – Turn Firefox into a Security Platform

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework. FireCAT comes from “Firefox Catalog of Auditing Toolbox” Changes for FireCAT 1.1 + Category Network Utililies – Added ffsniff to subcat “Sniffers” – Added CrossFTP to [...]

Continue Reading


28 August 2007 | 19,764 views

KGB Keylogger from Refog Software – Review

KGB Keylogger from Refog Software is a decent light weight Key Logger. KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine. KGB Keylogger Features at a Glance Stealth mode and visible mode of work; [...]

Continue Reading


28 August 2007 | 7,268 views

Vista Security Feature – Teredo Protocol Analysis

Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some [...]

Continue Reading


27 August 2007 | 10,142 views

Pixy – New & Free Open-source XSS and SQL Injection Scanner for PHP Programs

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task. Pixy is a Java program that performs [...]

Continue Reading


23 August 2007 | 16,729 views

Caller ID Spoofing to be Made Illegal in the USA

The US Congress recently approved a bill that will make it illegal to spoof Caller ID in the USA. A while back the FCC announced the wanted to crack down on Caller ID spoofing as it was still too easy. The amount of the forfeiture penalty (…) shall not exceed $10,000 for each violation, or [...]

Continue Reading


22 August 2007 | 10,697 views

w3af – Web Application Attack and Audit Framework

A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features: Audit SQL injection detection XSS detection SSI detection Local file include [...]

Continue Reading


21 August 2007 | 5,684 views

Vista Security Claims Debunked – Figures Skewed

Ah more news about the insecurity of Vista and something we are all pretty aware of…the skewing of figures by Microsoft. Microsoft apparently still hasn’t learned that counting vulnerabilities doesn’t establish some kind of ‘security level’. You can read the report here: Vista 6 Month Vuln Report [PDF] The Microsoft “researcher” claims that Windows Vista [...]

Continue Reading


20 August 2007 | 19,512 views

Immunity Debugger v1.0 (immdbg) Release – Download it Now!

After almost a year of intensive development and internal use, Immunity (The guys who bought us CANVAS) has announced the public release of Immunity Debugger v1.0. The main objective for this tool was to combine the best of commandline based and GUI based debuggers. Immunity Debugger is a powerful new way to write exploits, analyze [...]

Continue Reading