Archive | March, 2009


31 March 2009 | 5,281 views

Microsoft Open Source Security Tool – !exploitable Crash Analyzer

Finally Microsoft is doing something proactive and perhaps even slightly ahead of the game, a real game-changer for the security community. They have released a new AND open-source tool to make debugging easier; it gives developers a lot of help during the release cycle to build more secure software. Mostly because it takes the legwork [...]



27 March 2009 | 4,217 views

Deblaze – Remote Method Enumeration Tool For Flex Servers

Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server-side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the [...]



26 March 2009 | 6,263 views

Israel Hacker ‘The Analyzer’ Steals Over $10 Million USD

It seems like a new hacker is in the sights of the US Government; this time it’s Ehud Tenenbaum AKA ‘The Analyzer’. He seems to have been quite sloppy about covering his tracks and remaining under the radar, and he acts as if no-one can get him. Perhaps he knows something we don’t? Anyway he’s firmly [...]



25 March 2009 | 8,607 views

ProxyStrike v2.1 Released – Active Web Application Proxy Tool

In April last year we wrote about ProxyStrike; recently the developer has released a couple of new versions, the latest being v2.1. ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications [...]



24 March 2009 | 6,213 views

Charlie Miller Does It Again At PWN2OWN

You might remember in March last year we posted about Charlie Miller at the PWN2OWN contest owning the MacBook Air in under 2 minutes. Guess what? He’s done it again! This time though he’s even faster, clocking in at under 10 seconds. No one else stood a chance. He walked off with the prize again, [...]



23 March 2009 | 10,320 views

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface that mimics a MySQL console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of [...]



20 March 2009 | 5,477 views

Indian Credit Card Fraud Exposed – Linked to Symantec

In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details. The kicker to the story is that the fraud is linked to Symantec, as the people being defrauded had all recently bought Norton subscriptions. I guess it’s hard to control a 3rd party call center though and [...]



19 March 2009 | 8,912 views

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature [...]



18 March 2009 | 5,487 views

New Conficker Variant More Aggressive

Conficker has gotten quite a lot of news recently with it growing so fast and Microsoft offering a bounty for the authors. It seems like the Conficker authors are really serious about retaining control of their botnet and expanding it further without hindrance from the companies trying to stop them. It’s quite likely they are [...]



17 March 2009 | 6,957 views

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration; you could say it is something similar to Reverse Raider or DNSenum. Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, [...]
