Archive | September, 2008


30 September 2008 | 34,389 views

Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips

It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrest in Turkey and a list of his tips discovered online where he also sold the ATM skimming equipment. Well his tips can’t be [...]

Continue Reading


29 September 2008 | 9,545 views

dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjuction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:

On 10.0.0.1, you would run:

On the client that initiates the DNS probes, you would run [...]

Continue Reading


26 September 2008 | 7,963 views

Brits Give Up Passwords For a £5 Gift Voucher

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers! But we had discussed this in part before, some people will give out their passwords if you just ask, some if you [...]

Continue Reading


25 September 2008 | 34,774 views

BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS: MS-SQL Server ORACLE MySQL (experimental) Attack Templates for: MS Access MySQL ORACLE PostgreSQL MS-SQL Server Also you can [...]

Continue Reading


24 September 2008 | 3,202 views

Intercage – Spam/Malware Friendly ISP Back Online

There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost. Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community [...]

Continue Reading


23 September 2008 | 8,101 views

ohrwurm – RTP Fuzzing Tool (SIP Phones)

ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing. Features: reads SIP messages to get information of the RTP port numbers reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can [...]

Continue Reading


22 September 2008 | 23,384 views

Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s [...]

Continue Reading


19 September 2008 | 9,324 views

Surf Jack – Cookie Session Stealing Tool

A tool which allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet. Features: Does Wireless injection when the NIC is in monitor mode Supports Ethernet Support for WEP (when the NIC is in monitor mode) Known issues: Sometimes the victim is [...]

Continue Reading


18 September 2008 | 5,019 views

Web Application Security Statistics for 2008

Purpose The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most [...]

Continue Reading


17 September 2008 | 5,091 views

psad – Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data. psad [...]

Continue Reading