Archive | July, 2008


31 July 2008 | 8,320 views

Site Guesses Your Gender via Browsing History

This is a pretty old issue, but this is an interesting new implementation of an old idea. Using your browser history and by matching your browsing habits the site attempts to guess your gender with a weighting system according to the gender demographics for a list of fairly popular sites. It’s not super accurate unless [...]

Continue Reading


30 July 2008 | 21,539 views

Pass-The-Hash Toolkit v1.4 Released for Download

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM [...]

Continue Reading


29 July 2008 | 9,313 views

Widespread Flaws in Online Banking Systems

After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites. Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can [...]

Continue Reading


28 July 2008 | 13,593 views

nUbuntu Development Kicking Off Again – Security LiveCD

We did mention nUbuntu long ago in our famous 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) article. After that it stopped development for quite some time, thankfully some new blood has picked it up and development has started again! With over a year of inactivity, the latest alpha of nUbuntu 8.04 has [...]

Continue Reading


25 July 2008 | 26,120 views

Exploit for Kaminsky DNS Bug Goes Wild

There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild. To top that, they have already been ported into Metasploit! I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves [...]

Continue Reading


24 July 2008 | 45,665 views

MoocherHunter – Detect & Track Rogue Wifi Users

MoocherHunterâ„¢ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers. It’s included as part of the OSWA Assistant LiveCD we mentioned quite recently.’ I wanted to mention this tool separately as I think it’s very cool! MoocherHunterâ„¢ identifies the location of an 802.11-based wireless moocher or hacker by [...]

Continue Reading


23 July 2008 | 18,533 views

San Fransisco Mayor Regains Control of the Network

In the story we recently covered where Terry Childs had locked San Fransisco officials out of their own network, there is a new development. He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for [...]

Continue Reading


22 July 2008 | 79,415 views

TSGrinder – Brute Force Terminal Services Server

This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server. TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, [...]

Continue Reading


21 July 2008 | 6,186 views

San Fransisco Officials Locked Out of Their Own Network

Another disgruntled IT worked causing mayhem, remember the guy that destroyed all the medical records? He got a pretty hefty sentence, now we have another who has locked everyone out of the new ‘state of the art’ computer network in San Fransisco – he’s on a $5 million dollar bail so I’d say he’s in [...]

Continue Reading


18 July 2008 | 8,981 views

Zodiac – DNS Protocol Monitoring and Spoofing Tool

Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet [...]

Continue Reading