Well it’s December 31st again that means shortly another year will be over and we will be ushering in 2009.
Let’s hope for another year full of exciting tools, new developments, more Microsoft exploits (and timely patches) and interesting issues to discuss.
I’d like to take this chance to thank you all for your continuing support, comments [...]

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Burp Suite [...]

Merry xmas everyone, here is the year end summary of retarded e-mails. We have had a splendid amount of retarded comments recently too and some decent e-mails too (but all asking the same thing “How do I start learning to be a hacker, what should I do, what should I read etc..I’ll write a post [...]

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution.
This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL Server [...]

You might remember a while ago we posted about MultiInjector which claims to the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there.

Features

Receives a list of URLs as input
Recognizes the [...]

A lot of companies are moving towards virtualization, blade servers and sharing hardware components makes sense when you can have multiple logical servers on one physical machine. I’ve used VMWare in a few situations myself but mostly I don’t see a real requirement for using virtual machines (apart from hosting with a VPS).
There have always [...]

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]

Well it has happened before, quite recently in fact – back in October Microsoft rushed out a patch for the RPC exploit, which was the first time in 18 months they had issued an out of band patch.
Now just a couple of months later they are releasing another one (which should be available today – [...]

An interesting collection of tools for pen-testing including a DoS tool (something you don’t often see publicly released).
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.
The Tools

LetDown is a TCP [...]

I’m sure you’ve heard about the Microsoft IE7 Exploit that allows Remote Code Execution on XP & Vista, it turns out it’s actually much worse than first expected.
The exploit also affects IE5.01, IE6 and IE8 on all OS versions! That’s a pretty worrying turn of events for MS especially as they are seemingly leaving it [...]

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.
sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems.

Although sapyto is a versatile and powerful tool, it is of major importance for it [...]

It seems a new, fairly serious flaw has been discovered in Internet Explorer 7 – and as accounts go it’s been around for a couple of months in the underground.
The worrying part is, patch Tuesday was yesterday and after testing it’s been discovered that this flaw WAS NOT patched in the updates.
ISC reports that it’s [...]

To continue with some software targeted towards security and self-protection after posting about Microsoft Baseline Security Analyzer (MBSA) and Microsoft Security Assessment Tool (MSAT) we continue with one more – Secunia Personal Software Inspector. We did write about this software way back when Secunia first came out with their Secunia Software Inspector.
There’s now 3 versions [...]

It seems like ‘vishing‘ (basically Phishing – but utilising VoIP call services) as it’s known is getting bigger, especially since the scammers have been using a flaw in Asterisk systems that allows them to hijack the VoIP exchange.
Older versions of Asterisk do have quite a number of serious flaws and it looks like scammers and [...]

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

Added checks for errors when calling CUDA kernel.
Now you [...]

I get a lot of these e-mails, sometimes I receive them almost every day. I had a thought the other day, it might be amusing if I shared them with you guys.
So I’ll post them up every time I receive 2-3. I’ve had a LOT of these kind of e-mails and some spooky ones too [...]

I found an interesting article today which sums up most of the acryonyms involved in wireless networks and wireless security and explain them all in brief.
It may clear things up for some people who get overwhelmed by all the jargon, especially with the recent news hitting the mainstream about WPA being partially cracked.

Users have every [...]

Recently we mentioned MSAT – Microsoft Security Assessment Tool and I recalled another tool which came out originally years and years ago and I’ve personally found useful in a few situations.
It’s good when you’re working on a Domain/Group Policy and you want to lock down one machine nice and tight, it can give some pretty [...]

You might remember the Sony BMG Rootkit fiasco back in 2006 when the whole Internet was up in arms about Sony installing a rootkit in the name of Digital Restriction Rights Management.
Another piece of malware has been uncovered that has been linked to Sony and their Fingerprint reader.

Researchers have unearthed rootkit-like functionality in an enterprise [...]