As mentioned in the previous FireCAT 1.1 post, FireCAT 1.2 was released last month.
If you aren’t aware, FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions.

Changes for FireCAT 1.2

Renamed subcategory “Social Engineering” to “Data mining”
Bibirmer updated location (thanks to Zagrodzki Krzysztof from Telekomunikacja Polska)
Enhanced History Manager (to new subcategory Misc [...]

A while back it was discovered that some ISPs have taken to inserting ads into web pages you are viewing, these are ads from the ISP you are using (AND PAYING FOR) not ads from the content provider or site that you are viewing.
Some ISPs are resorting to a new tactic to increase revenue: inserting [...]

Wanna work on a web reconnaissance tool?
Want to have your name in readme file?
Got bored and want to help somebody?
Well then darknet readers this is your chance, because I need people to help me on a project I started a while ago called Website Anatomy, to find out what it is about check out the [...]

What is this?
Metagoofil is a tool for written in Python for extracting the metadata from public documents (pdf,doc,xls,ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.)

How it works?
The tool first queries Google [...]

So I’ve got a VPS set-up for Darknet, it’s not quite a dedicated server or a co-lo but it’s pretty close and it’s much more affordable!
Can’t beat a bit of root access so I can rysnc things off to another box.
The box will be backed up off-site every day anyway, and I’ll pull back-ups daily [...]

If you remember a while back we mentioned PDF & Image Attachment Spam - The New Problem with E-mail, now we have another ‘innovation’ in spamming..
MP3 spam!
It seems they are using it for the same old pump and dump tactics (Microcap stock fraud) to artificially inflate stock prices then sell out fast.

Spammers are back with [...]

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license.
The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine, it can be [...]

It seems India are getting serious about terrorist activities being co-ordinated via the Internet, they are starting to run extremely deep surveillance on many cyber-cafes in Mumbai.
The solution appears to be some kind of ‘legal’ trojan system that will collect logs and send them to the police.

The Mumbai police will soon have khabris deployed (not [...]

HttpBee is a swiss-army-knife tool for web application hacking. It is multi-threaded, embedded with scriptable engine and has both command-line and daemon mode (if executed in daemon mode, HttpBee can become an agent of a distributed framework).
This is a tool for more advanced users and there isn’t much documentation so if anyone feels like writing [...]

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.
News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to [...]

Ok I’ve just painstakingly restored all the posts I could find since September 10th until now from Google Cache.
I’ve worked out the maximum posts missing would be 1 as I could get the cache back to September 12th and the latest post before that is September 10th, or I might not have posted on September [...]

Heard about the recent server crash, and I also fell a bit alerted by this incident, because I as the web hosting providers don’t do regular backup…. anyway what am I going to talk about now? Bookmarklets, we all know them, there new, hip, and full of color ….
What are bookmarklets? Little javascript snippets that [...]

There was a massive failure on our web-host resulting in almost 100% data loss, our own back-up was from September 10th so we are trying to restore the site to full capacity as we speak.
It’s in a bit of a mess at the moment, but we’ll get it back up to speed at latest by [...]

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

OVAL-compatible product
SCAP (Security Content Automation Protocol)
Perform a deep inventory audit on installed softwares and applications

Scan and map vulnerabilities using non-intrusive techniques based on schemas
Detect and identify missed patches and hotfixes
Define a [...]

It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.
This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they [...]

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page.
For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).
Moreover this application will get [...]

This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) - a couple of examples are KisMAC and Phenoelit.
Basically the new law prohibits manufacturing, programming, installing, or spreading software [...]

This is a cool tool I found recently amongst all the flame wars in the security mailing lists, someone developed this tool to profile the semantics of text.
Basically you pump in a load of e-mails from a known source, then compare it to the anonymous socks and see what probability it is that they are [...]

Competition time again! It wasn’t that close this month, activity seems to have dropped off a bit, but we had a wider variety of comments and some good quality - which is important!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June [...]

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.
This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.
CCWAPSS is focused on rating the security level [...]