Archive | October, 2009


30 October 2009 | 17,855 views

Illegal File Sharers To Be Cut Off By 2011

It was 2008 when the UK government originally proposed disconnecting pirates from the Internet, then a few months later Australia followed suit. The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill. I’ve noticed this trend picking up lately, a few companies [...]



29 October 2009 | 5,482 views

KrbGuess – Guess/Enumerate Kerberos User Accounts

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It does this by studying the response from a TGT request to the KDC server. The tool works against Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]



28 October 2009 | 6,294 views

Facebook E-mail Spam Conceals Malware Attack

Facebook has had its fair share of problems; being a large community, it is of course going to be a ripe target for spammers, scammers and malware distributors. The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been [...]



27 October 2009 | 4,449 views

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question. [...]



26 October 2009 | 4,863 views

Web Application Security Consortium (WASC) 2008 Statistics Published

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent [...]



22 October 2009 | 34,582 views

Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update to Nikto, which was version 2. For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions of over 900 servers, and version-specific problems on [...]



21 October 2009 | 33,197 views

Retarded E-mails – Carding, Coins, Bombs & More!

Ah, it’s that time of the year again when all the back to skoolers have some mad l33t knowledge and wanna h4x0r the planet or something. Hmmm, website hacking, sounds simple eh? thriller wrote: hai i would like to know website hacking how?……… sedn to my mail Ok I’m following up to the exploding [...]



20 October 2009 | 24,528 views

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. It can also be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Features [...]



19 October 2009 | 44,289 views

Firefox Blocks Microsoft .NET Framework Assistant Add-on

This is an interesting development; I noticed the pop-up in my Firefox yesterday. The stated reason, however, wasn’t security but ‘instability’. It’s a fair move by Mozilla though, as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to ensure [...]



16 October 2009 | 13,804 views

Naptha – TCP State Exhaustion Vulnerability & Tool

The Naptha vulnerabilities are a class of denial-of-service vulnerability researched and documented by Bob Keyes of BindView’s RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way those implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources [...]
