Archive | March, 2010


10 March 2010 | 11,099 views

WebRaider – Automated Web Application Exploitation Tool

WebRaider is a plugin-based automated web application exploitation tool which focuses on getting a shell from multiple targets or injection points. The idea of this attack is very simple: getting a reverse shell from an SQL injection with one request, without using an extra channel such as TFTP or FTP to upload the initial payload. It’s [...]



09 March 2010 | 9,152 views

Energizer Duo USB Battery Charger Software Has Backdoor Trojan

There have been a number of interesting stories lately, especially related to hardware. The latest doing the rounds is this one, where a seemingly innocuous USB battery charger has been installing some nasty remote control software onto users’ systems. The charger at fault is the Energizer Duo USB Battery Charger; you’re only at risk if [...]



08 March 2010 | 10,198 views

SAHI – Web Automation & Application Security Testing Tool

Sahi is an automation tool to test web applications. Sahi injects JavaScript into web pages using a proxy, and the JavaScript helps automate web applications. Sahi is a tester-friendly tool. It abstracts out most difficulties that testers face while automating web applications. Some salient features include an excellent recorder, platform and browser independence, no XPaths, [...]



05 March 2010 | 10,226 views

Boffins Crack OpenSSL Library Using Power Fluctuations

Now this is a very interesting technique, as far as I know I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation using cryptographic algorithm cracking techniques. Some rather smart fellas have found a way to extract the private SSL key from a device by [...]



03 March 2010 | 14,767 views

Ncrack – High Speed Network Authentication Cracking Tool

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic [...]



02 March 2010 | 6,538 views

High Tech Ticket Scalpers Earn $25 Million Profits

Today’s news is that a company in the US has been using CAPTCHA breaking technology to run a very profitable ticket scalping operation. Reports state they netted a $25 Million USD profit over a 6-year period, which is extremely lucrative, especially for a reasonably small operation. Of course the way in [...]



01 March 2010 | 11,706 views

Web Security Dojo – Training Environment For Web Application Security

Web Security Dojo is a free, open-source, self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10. Why? The Web Security Dojo is for learning and practicing web app security testing [...]
