Archive | April, 2010


15 April 2010 | 13,169 views

PBNJ – Network Architecture Monitoring Tool

PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ [...]

Continue Reading


14 April 2010 | 7,356 views

Hackers Penetrate Apache.org In Direct Targeted Attack

This is not the first time Apache.org has been hacked, it was comprised back in September 2009 using SSH keys. This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service. It also exposed the entire password list, which sadly although [...]

Continue Reading


13 April 2010 | 7,483 views

x5s – Automated XSS Security Testing Assistant

x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where non-shortest UTF-8 encodings [...]

Continue Reading


12 April 2010 | 6,243 views

Serious Java Bug Exposes Users To Code Execution

Once again a different attack vector, seems to the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to solve [...]

Continue Reading


09 April 2010 | 7,865 views

StreamArmor – Discover & Remove Alternate Data Streams (ADS)

StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also clean them completely from the system. It’s advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams. StreamArmor comes with fast multi threaded ADS scanner which can recursively [...]

Continue Reading


06 April 2010 | 4,810 views

The New Look Darknet & A New VPS

If you’ve been reading regularly you would have probably noticed unavailability or extreme loading times during March. Anyway, it was about time I updated the look of the site and the functionality needed implementing properly so I took the change to put up a new theme and fix any inefficient parts of the old setup. [...]

Continue Reading


05 April 2010 | 7,574 views

Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox

Seems like Pwn2Own is getting a reputation for uncovering some pretty nasty browser based vulnerabilities, once again this year Firefox, Safari and IE8 were all broken wide open. The latest development is Mozilla has beaten both Microsoft and Apple to the punch and released Firefox 3.6.3 patching the vulnerability. Again it was a critical vulnerability [...]

Continue Reading


02 April 2010 | 10,422 views

pwnat – NAT To NAT Client Communication Tool

pwnat, pronounced “poe-nat”, is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to [...]

Continue Reading


01 April 2010 | 17,552 views

Open Source Keykeriki Captures Wireless Keyboard Traffic

Another interesting attack, rather than going after the PC/Server this one goes after the data sent by wireless devices such as the wireless keyboards sold by Microsoft. The neat thing is by using a replay attack you could also send rogue inputs to the device. But then it serves Microsoft right for using XOR encryption [...]

Continue Reading