Archive | January, 2009


15 January 2009 | 12,043 views

Next-Gen Botnets Taking The Place of Storm and Srizbi

Back in November there was a considerable drop in spam when the spam-friendly ISP McColo was cut off from the Internet by its upstream peer. The Srizbi worm was pretty smart though, and was picking up again by the end of November. Later in the year the botnets were somewhat neutralised, leading to a huge drop [...]


14 January 2009 | 37,211 views

The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking

You may remember that some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing. Wyd, the Password Profiling Tool, also does something similar to AWLG, but it’s a Perl script rather than being based online. Personally, I’d prefer it if AWLG let us download an offline version too. About [...]


13 January 2009 | 3,804 views

Fake CNN Site From Phishing E-mail Serves Trojan

The latest phishing e-mails going round are leveraging people’s need to digest the latest information, in this case about the Israel-Hamas conflict. They set up a fake CNN site which prompts you to upgrade your Flash Player to view the video; of course it’s not Flash but a Trojan targeting your sensitive financial information. [...]


12 January 2009 | 7,348 views

OWASP (Open Web Application Security Project) Testing Guide v3 Released

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations, and a “low level” web application penetration testing guide that describes how to find certain issues. Version 3 of the Testing Guide was released last month, in December 2008; the project was [...]


09 January 2009 | 5,476 views

TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History), and we’ve been following it here for a couple of years. We reported back in August last year that the TJX Credit Card Hackers were Busted, and now one of the 11 guys involved has been [...]


08 January 2009 | 3,589 views

Time and Attack Mapper AKA TA-Mapper – Time/Effort Estimator Tool For Blackbox Security Assessment

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or penetration testing) of applications. This tool provides a more accurate estimate than a rough guess. Penetration testers who always have a hard time explaining or justifying the effort charged (or quoted) to their customers can find this tool handy by [...]


07 January 2009 | 7,512 views

Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment

This is an interesting development in router security. Cisco bugs have been popping up now and then – not that often – but usually when they do they are quite serious. The problem with them was that you needed so many variations unless you were just targeting one specific router, with that specific version of IOS [...]


06 January 2009 | 20,833 views

WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is a graphical SQL injection tool written in .NET, for SQL Server and Oracle, supporting error-based and union-based injection. Interface features: retrieve schema (DB/tablespace, table, column, other objects); retrieve data (paged retrieval, dump to XML file); log (view the raw HTTP log data). Environment: OS Windows 2000/XP/Vista; requirement: Microsoft .NET 2.0 [...]


05 January 2009 | 4,655 views

Phishing Attack Hits Twitter Users – Utilising Direct Messages

I personally received the following direct message on Twitter from someone I know quite well: “hey! check out this funny blog about you… http://jannawalitax.blogspot.com/”. It’s a link to a fake blogspot URL that redirects to a phishing URL for Twitter; it looks the same as the real login page, but the actual URL is: http://twitterblogs.access-logins.com/login [...]
