Archive | April, 2008


30 April 2008 | 11,222 views

CDPSnarf – CDP Packet Sniffer

CDPSnarf is a network sniffer written exclusively to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more. The application is written in C using the popular PCAP library. Sample Output Cisco AIR-AP1231G-E-K9 Access Point:

You can download CDPSnarf [...]



29 April 2008 | 4,947 views

AV Firms Split Over Defcon Contest

Now this is a pretty interesting contest from the guys at Defcon, antivirus evasion! It’s a question that gets asked a LOT…how do I avoid AV? There are various ways to do it and I’ll be interested to see which are used in the contest, the most elegant solutions of course get better prizes. Security [...]



28 April 2008 | 10,532 views

Technitium MAC Address Changer v4.8 Released for Download – Free

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]



25 April 2008 | 5,924 views

Chocolate Owns Your Passwords

The same old story, if you ask people for something they will most likely give it without thinking of the consequences. Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey who doesn’t love chocolate? I have to say I don’t love it enough to give out [...]



24 April 2008 | 9,573 views

Pass-The-Hash Toolkit v1.3 is Available for Download

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM [...]



23 April 2008 | 6,344 views

Russia Heavy Handed Registration for Wifi

It seems like Russia wants to keep a tight rein on things, anything with Wifi capability must be licensed! That includes your phone…imagine having to apply for a permit to have a wireless AP at home? Rather ridiculous no? Business travellers to Russia might want to keep their laptops and iPhones well-concealed – not from [...]



22 April 2008 | 21,605 views

WifiZoo v1.3 Released – Passive Info Gathering for Wifi

WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret‘ from Errata Security. The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and [...]



21 April 2008 | 3,331 views

Shelling our way up

Everybody has a favorite shell; not so many under Windows as there are under Linux, but anyway… As most will tell you their favorite shell under Linux would be bash, as under Windows not really having what to choose from they would say cmd.exe (ok, bash can be used under Windows via cygwin, if I [...]



21 April 2008 | 6,442 views

Microsoft Opens the Gates to Hack Their Web Services

It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services. It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been [...]



18 April 2008 | 8,140 views

HDIV – Java Web Application Security Framework

HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications’ behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and [...]
