Archive | April, 2010


30 April 2010 | 19,342 views

DAVTest – WebDAV Vulnerability Scanning (Scanner) Tool

When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code? DAVTest attempts to help answer those questions, as well as enable the pentester to quickly gain access to the host. DAVTest tries to upload test files of various extension […]



29 April 2010 | 6,781 views

Texas Man Pleads Guilty To Bot Network For Hire

Another botnet herder bites the dust. The latest news in the malware arena is about David Anthony Edwards from Texas, who has admitted he and his accomplice had offered tailor-made malware and DDoS attacks for rent. 22,000 zombies is a reasonable number of bots for a herder to control on their own, and assuming […]



27 April 2010 | 14,620 views

fuzzdb – Comprehensive Set Of Known Attack Sequences

fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications. Many mechanisms of attack used to exploit different web server platforms and applications are triggered by particular meta-characters that are observed in more than one product security advisory. […]



26 April 2010 | 42,788 views

Seattle Computer Security Expert Turns Tables On The Police

Honestly there’s been nothing much going on for the past few days or over the weekend. Microsoft retracted some patches citing ‘quality issues’ and there was an announcement about the Metasploit Express version. But well, that was about it! This was the only story I found vaguely interesting, because well we all love to flip the bird […]



23 April 2010 | 4,949 views

ReFrameworker – General Purpose Framework Modifier

ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order to produce modified binaries that can replace the original […]



22 April 2010 | 15,385 views

PayPal Patches Critical Security Vulnerabilities

PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. […]



21 April 2010 | 36,778 views

The Conscience of a Hacker AKA The Hacker’s Manifesto By The Mentor

This is a seminal piece of writing from the underground, forgotten by many but adored by many more. It still resonates with me and has as much meaning as it did back in the day when I first read it in Phrack Issue 7. If you don’t know anything about this text or have never […]



20 April 2010 | 5,481 views

China Reports Millions Of Conficker Infections

Conficker has been giving us all headaches for quite some time now; the latest news is that China hosts up to 28% of the world's Conficker infections at its peak. 7 million separate hosts infected with Conficker at the end of 2009, that’s more than the population of some countries! It’s a pretty nasty piece […]



19 April 2010 | 8,914 views

Netsparker Community Edition – Web Application Security Scanner

Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false […]



16 April 2010 | 7,180 views

Oracle Releases Emergency Patch for Java Vulnerability

After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code […]
