New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!).
For those that don’t know what pwdump or gfdump are..
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, [...]
A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay [...]
FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.
FireCAT comes from “Firefox Catalog of Auditing Toolbox”
Changes for FireCAT 1.1
+ Category Network Utililies
- Added ffsniff to subcat “Sniffers”
- Added CrossFTP to subcat FTP (thanks to Benjamin [...]
KGB Keylogger from Refog Software is a decent light weight Key Logger.
KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine.
KGB Keylogger Features at a Glance
Stealth mode and visible mode of work;
Logs keyboard input, including [...]
Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some [...]
Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits.
Unfortunately, this manual vulnerability search is a very tiresome and error-prone task.
Pixy is a Java program that performs automatic [...]
The US Congress recently approved a bill that will make it illegal to spoof Caller ID in the USA.
A while back the FCC announced the wanted to crack down on Caller ID spoofing as it was still too easy.
The amount of the forfeiture penalty (…) shall not exceed $10,000 for each violation, or 3 times [...]
A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features:
Audit
SQL injection detection
XSS detection
SSI detection
Local file include detection
Remote file include detection
Buffer Overflow [...]
Ah more news about the insecurity of Vista and something we are all pretty aware of…the skewing of figures by Microsoft.
Microsoft apparently still hasn’t learned that counting vulnerabilities doesn’t establish some kind of ’security level’.
You can read the report here:
Vista 6 Month Vuln Report [PDF]
The Microsoft “researcher” claims that Windows Vista is exponentially less vulnerable [...]
After almost a year of intensive development and internal use, Immunity (The guys who bought us CANVAS) has announced the public release of Immunity Debugger v1.0. The main objective for this tool was to combine the best of commandline based and GUI based debuggers.
Immunity Debugger is a powerful new way to write exploits, analyze malware, [...]
The spam landscape has changed quite a lot in the last year or so with image spam and now the latest tactic is PDF and .zip attachments.
PDF’s of course being preferred by spammers as you don’t need to extract anything to view their spam, you just open it in your favourite PDF viewer and read [...]
So the latest news is that the RFID chips in electronically enabled passports are NOT encrypted, which bright spark came up with that idea?
Ok so you implement ‘more secure’ RFID passports, and leave all the data in plain text for anyone to tamper with – nice!
So what do you think they are gonna do about [...]
rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn’t require the presence of RTCP packets (voipong needs them) that aren’t always transmitted from the recent VoIP clients.
The RTP sessions are composed by [...]
Elcomsoft is quite a well known firm when it comes to password ‘recovery’, I have used their products in the past when I was in a fix and I needed a password that had been, you know…lost.
They rose to fame in 2001 after cracking Adobe’s eBook format.
Recently they announced a fairly serious backdoor in Quicken [...]
Daniel has received his prices for winning the June competition.
Doesn’t he look smart!
He’s happy! I want a silver PSP too *sigh* so sad they give it to other people haha.
So keep commenting guys and keep up the good discussion, in the world of blogs you ‘tip’ the author by leaving comments. It makes us happy [...]
mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).
You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used [...]
As we followed the Gary McKinnon case quite closely whilst it was happening, here’s the latest update.
At least he seems to be getting a break in the case as he’s won the right to have his extradition case heard by the House of Lords.
Gary McKinnon, the ex-systems administrator accused of conducting the biggest military hack [...]
XSS Warning is a extension/add-on for Firefox that filters malicious values to prevent Cross Site Scripting (XSS) attacks by malicious URLs (assuming you have Javascript enabled).
XSS Warning 0.1.8 beta protect from:
URL attack
Redirect attack
Link code injection
Compatible with Firefox: 1.5 – 2.0.0
You can install and read more about XSS Warning here:
http://www.gianniamato.it/project/extension/xsswarning/
Not just attempts, but 844 successful intrusions over the past two years, quite a scary statistic no?
They are actually having a subcommittee hearing entitled “Hacking the Homeland”.
This includes all kinds of intrusions including web site hacks, viruses, worms and other kinds of intrusion.
DHS and its constituent agencies have suffered more than 800 serious computer security [...]
Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits for many products.
Inguma the word is the name of a Basque’s mythological spirit who kills people while sleeping and, also, the one who [...]
