Archive | November, 2007


15 November 2007 | 4,350 views

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware; it now seems Doubleclick was the one at fault. It’s a pretty neat trick and a good spin on social engineering, leveraging the trustworthy nature of the sites. CNN even? Rogue anti-spyware software that pushes fraudulent PC scans has found [...]



14 November 2007 | 8,436 views

Inguma 0.0.5 Released for Download – Penetration Testing Toolkit

Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. We did mention it back in August when it first hit the streets. With new QT interface: If you haven’t used [...]



13 November 2007 | 5,325 views

‘Security Consultant’ Caught for Running Large Bot Network

Apparently he stopped his naughty activities back in 2006, but still…a guy that is supposed to be securing machines was installing malware and had a bot totaling about a quarter of a million zombies. Mostly used for info gathering, PayPal accounts and installing malware for commission, he claims to have made $19,000 in a week installing [...]



12 November 2007 | 18,256 views

WifiZoo v1.2 – Gather Wifi Information Passively

WifiZoo is a tool to gather wifi information passively. Similar to dsniff but for wireless work, the author wanted to do something wifi-related somewhat helpful in wifi pentesting. Something of an extension of Ferret from Errata. It’s essentially a tool to get information from open wifi networks without joining any network, and covering all wifi [...]



10 November 2007 | 11,550 views

Skavenger – source code auditing tool!

Skavenger? Yes, because scavenger is already used?!? What is skavenger? Skavenger is a source code auditing tool, firstly thought for PHP, but also used for any kind of source code file, as long as you know what to look for… Yes, I thought of it as a replacement tool for egrep/sed under Windows! Because not everybody [...]



09 November 2007 | 34,722 views

Graphics Cards – The Next Big Thing for Password Cracking?

Interesting research from Elcomsoft, using the parallel processing capacity of graphics cards to speed up the password cracking process. Pretty inventive thinking, as graphics cards get more and more powerful, and they are created to do massive parallel tasks for all the latest and greatest games, why not apply it to password cracking! A technique [...]



08 November 2007 | 3,975 views

untidy – XML Fuzzer

Seeing as untidy was mentioned again fairly recently, it sparked my memory that I have a fairly old draft regarding untidy, the XML fuzzer. Fuzzing is definitely becoming an important part of pen testing and especially application security – we’ve published about quite a few and I’m sure there are more in development. Anyway, [...]



07 November 2007 | 2,860 views

October Commenter of the Month Competition Winner!

Competition time again! We unfortunately lost quite a few comments due to the server crash in early October, but activity after that was pretty good with some excellent quality comments. As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. [...]



07 November 2007 | 3,624 views

Thousands Hooked by Malware from Big Sites

If I recall, this is not the first time this has happened: delivering viral payloads via banner ads and flaws in scripting. It seems that malware peddlers are getting more aggressive though; it obviously shows there is actual monetary value in infecting people and stealing their data. A subtle form of social engineering too, by [...]



06 November 2007 | 6,762 views

WSBang – Python Based SOAP Services Testing Tool

WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed. Method parameters are fuzzed based on their type as [...]
