This tool provides a demonstration of the HTTPS stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which [...]

Well the day has come when money-minded botnet owners have turned their services towards online gaming. For a small fee (USD20) you can get someone to set you up with the software to ‘boot’ people from the Xbox Live network.
It’s always been a problem in gaming, if something can get hold of your IP address [...]

WMAT is Web Mail Auth Tool that provide some essential functions for testing web mail logins, written in python with support of pyCurl.
How it works?
It is very simple, You give WMAT file with usernames, file with passwords, URL of web mail app and chose pattern for attack. Patterns are XML files that define post/get fields, [...]

Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.
It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one.
This time it’s a zero-day just hit and [...]

For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends.
Like when there was a worm going around that bruteforced SSH2 you could see a spike in port 22 [...]

Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were.
Most traffic is transmitted unencrypted, the stuff that [...]

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changed and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.
Now [...]

We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).
The latest news is that Microsoft are offering a bounty to catch the author of the malware, we have seen this back in 2003/4 (The Anti-virus [...]

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any [...]

If your organisation is using any kind of Cisco Wi-Fi kit it may be time to get the latest patches for your kit. Although they state there is no proof that hackers have used this attack in the wild – in my experience if Cisco have discovered this now, someone else probably knew about it [...]

FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.
In addition, the new release of FlowMatrix, (ver.0.9.62 and later) supports Network Applications Behavior Analysis. This [...]

It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included).
When that happens, the boundary between security and usability has crossed too far and the control [...]

This is more of a tool for the information security professional amongst us, those working in a team carrying out web application audits, penetration tests and vulnerability assessments.
It’s useful for a team to use a tool like dradis so everyone is on the same page and the progress and segregation of responsibility can easily be [...]

Just remember that even though Firefox tends to be more secure than Internet Exploder – it’s not immune from vulnerabilities (although they do tend to get fixed much much faster).
The latest one that’s cropped up in both Firefox and Chrome is a clickjacking vulnerability. This is basically where a link is replaced by an attacker [...]