all posts from November 2008


FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented to application security auditing and assessment.
You can find an online map of FireCAT v1.4 here.
Changes for version 1.4

Information Gathering (Enumeration and Fingerprinting)

Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target [...]

Spam Back on the Rise with Srizbi Resurrected

After McColo was partially disconnected from the Internet by its peers, global spam dropped noticeably.
It seems, however, that the spam was emanating from a zombie network and the control servers were hosted by McColo; the creators of the botnet (Srizbi) were smart about it, though, and built a fail-safe system into the malware.
It should [...]

Browser Rider – Web Browser Exploitation Framework

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there [...]

Julie Amero Spyware Case Finally Comes To An End

It’s a sad case when someone loses their career over an incident which was outside of their control; not everyone can be expected to keep their computers free of spyware and malware.
It just doesn’t happen.
Unfortunately for Julie Amero, she got some porn pop-ups at the wrong time in a class full of students. If you [...]

ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan allows you to:

Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN [...]

Dshocker AKA Aush0k Hacker Pleads Guilty to Computer Felonies

Another teen hacker in the news, this guy looks like he has some formidable skills though with the list of crimes he’s perpetrated.
He’s pleaded guilty though, so he should get a reduced sentence and he’s still classified as a juvenile offender being only 17 – so that works in his favour too.

A juvenile hacker with [...]

Microsoft Security Assessment Tool – Free for Windows

The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks. MSAT is an easy, cost-effective way to begin strengthening the security of your computing environment and [...]

Spam ISP McColo Cut Off From the Internet

You might recall we reported a while ago about ‘spam friendly’ ISP Intercage coming back online after having their plug pulled by upstream provider UnitedLayer.
They pledged to clean up their act though and drop their biggest client who was an Eastern European malware and phishing host.
This time another ISP has been suspected of hosting sites [...]

Maltego – Forensics and Intelligence Application & Information Gathering Tool

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool [...]

Express Scripts Offers $1million Reward for Cyber Extortionists

This is an interesting story, I’ll be watching how it develops – it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!
That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.
I really wonder where [...]

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]

WPA Wi-Fi Encryption Scheme Partially Cracked

Well WEP came down long ago, it was only a matter of time before the standard that succeeded it fell too – WPA. The big news last week was that WPA has been cracked finally, it’ll be discussed this week at the PacSec Conference.
After the insecurity of WEP was exposed the majority of routers and [...]

SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and its development came SARA, which is now in its 3rd generation.

Advanced Research’s philosophy relies heavily on [...]

Malware Authors Jumping on the Obama Bandwagon

No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.
In less than half a day Google Adwords adverts and custom malware were popping up, conning users into a sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in [...]

MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing.
But well here it is anyway.

Features

Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement – [...]

Twitter Squatting – The New Domain Jacking?

It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames.
Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been built around Twitter to [...]

Gooscan – Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.
What is Gooscan?
Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on [...]

