We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]
Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm!
It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of [...]
crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself.
NOTE – Salt function is currently only available for md5, you need to append ‘\’ infront [...]
L0pht has been a staple of the hacking scene since the Internet existed, with the ever fabulous L0phtcrack being their best known offering.
Of course when that was sold off to Symantec then subsequently discontinued, things changed a lot.
Well now the Hacker News Network is back online, one of the side projects of L0pht Heavy Industries [...]
Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as Ethereal.
Features
Deep [...]
Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.
I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. [...]
GFI LANguard is a product that has been around for a LONG time, I remember using it way back at version 3 or 4 and it was always my choice of platform if I was auditing a Windows based network.
Especially internal Windows LAN setups with a domain, for Linux I always felt there were better [...]
Ah a bug in our beloved Firefox, after the latest 3.5 update (which sees some definite improvements).
The last one I recall was the Clickjacking Vulnerability, which also effected Chrome.
It seems like it’s not too serious of an issue and will only cause crashing, there’s no room for remote exploitation or code execution. So it may [...]
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]
We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it.
It seems like with China pumping out the [...]
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.
Vulnerabilities
SQL Injection
XSS (Cross Site Scripting)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Command Execution
Upload Script
Login Brute [...]
You might recall we’ve discussed the security of Industrial Control Systems before, the latest ‘evolution’ is the so called Smart Grid.
Which in all honestly, doesn’t seem to be very smart at all. In basic terms they are trying to turn the power-grid into a two way communication medium so consumers homes can report back to [...]
MultiISO LiveDVD is an integrated Live DVD technology which combines some of the very popular Live CD ISOs already available on the internet. It can be used for security reconnaissance, vulnerability identification, penetration testing, system rescue, media center and multimedia, system recovery, etc. It’s a all-in-one multipurpose LiveDVD put together. There’s something in it for [...]
Ah now this is interesting..and scary in a way. Script Kiddies with guns!
Script kiddies going to war, or is it turning soldiers into script kiddies. Who knows.
Anyway, the US military has decided to make their soldiers walking hackers, with an all-in-one super hacking device that can penetrate satellite signals, VoIP networks and normal information systems.
As [...]
The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.
In [...]
This story actually gave me a lot of LULZ, how stupid can you be seriously? Man this guy made so many mistakes for someone so paranoid (he had a web cam setup outside his appartment door so he could see who was coming)..
But then he exposed his IP address on IRC, posted his face on [...]
