Archive | November, 2008


12 November 2008 | 16,496 views

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]



11 November 2008 | 18,852 views

WPA Wi-Fi Encryption Scheme Partially Cracked

Well, WEP came down long ago; it was only a matter of time before the standard that succeeded it fell too – WPA. The big news last week was that WPA has finally been cracked; it’ll be discussed this week at the PacSec Conference. After the insecurity of WEP was exposed the majority of routers [...]



07 November 2008 | 9,855 views

SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another; some of you old-skool guys may remember a package called SATAN, which was the best semi-automatic security analysis tool around back then. From SATAN and its development came SARA, which is now in its 3rd generation. Advanced Research’s philosophy relies heavily [...]



06 November 2008 | 3,635 views

Malware Authors Jumping on the Obama Bandwagon

No surprise here: the malware authors are leveraging the social engineering aspect of the US presidential elections. In less than half a day, Google Adwords adverts and custom malware were popping up, conning users into a sense of security by using Obama’s name. Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide [...]



05 November 2008 | 11,737 views

MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software. I’m not sure if that’s a good thing – or a bad thing. But well, here it is anyway. Features: Receives a list of URLs as input. Recognizes the parameterized URLs from the list. Fuzzes all URL parameters to concatenate the desired payload once an [...]



04 November 2008 | 11,302 views

Twitter Squatting – The New Domain Jacking?

It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames. Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been built around Twitter [...]



03 November 2008 | 34,794 views

Gooscan – Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag. What is Gooscan? Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential [...]
