Archive | May, 2010


31 May 2010 | 21,577 views

WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)

Identify content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. When you visit a website in your browser, the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, e.g. “Powered by XYZ” and others are [...]



27 May 2010 | 38,573 views

eLearnSecurity – Online Penetration Testing Training

Introduction: If you are in the information security industry, or plan to be, you’ve probably been looking at the various infosec certifications available. Back when I started there really wasn’t anything available; there were no infosec degrees and no professional certs. Only later some high level ones came from SANS, then more jumped on the [...]



26 May 2010 | 14,212 views

Bruter v1.0 Final Released – Parallel Network Login Brute Forcing Tool

We wrote about the Bruter v1.0 ALPHA version back in 2008; recently they announced the release of v1.0 Final! Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication. It [...]



25 May 2010 | 8,192 views

IBM Distributes Malware Laden USB Drives at AusCERT Security Conference

Another case of ‘accidental’ malware distribution. Remember a while back when Vodafone Spain was Distributing Mariposa Malware? The latest is that IBM handed out malware-laden USB drives at a security conference, of all places. Well, on the upside, at least everyone there would be security savvy so damage should be minimal. If it was [...]



24 May 2010 | 13,529 views

FOCA – Network Infrastructure Mapping Tool

FOCA 2 has a new algorithm which tries to discover as much info related to network infrastructure as possible. In this alpha version, FOCA will add to the figured-out network map all servers that can be found using a recursive algorithm searching in Google, BING, Reverse IP in BING, Well-known servers and DNS records, using [...]



21 May 2010 | 9,837 views

76% Of Users Exposing Their Browsing Histories

This is actually a very old flaw as it’s part of the core HTTP standards; it’s exploiting the very way in which the Internet works. Basically most browsers expose browsing history if probed in the right way; the fact was that it was just too resource intensive to get any useful data. Someone has refined [...]



20 May 2010 | 11,753 views

Metasploit 3.4.0 Hacking Framework Released – Over 100 New Exploits Added

Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Update [...]



19 May 2010 | 7,668 views

Cloud Security – The Next Big Thing? Fortify Readiness Scorecard

With the paradigm shifting, especially for high traffic or high availability web applications, towards cloud computing – will Cloud Security become the next big thing? We’ve already seen how you can use a cloud platform like Amazon EC2 for password cracking. So with a lot of companies moving to 3rd party cloud platforms, I’m sure [...]



18 May 2010 | 11,673 views

sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool

It’s been 2 years, but a new version of sqlninja is out at SourceForge. We wrote about the previous release back in 2008 and we’ve actually been following this tool since 2006! Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main [...]



14 May 2010 | 8,490 views

Two Thirds Of All Phishing Attacks Carried Out By Single Group

Now this is a pretty surprising figure. We all know phishing has become a big issue in recent years, especially for financial institutions, but it still amazes me two-thirds of all attacks can come from a single group! It’s been a major issue concerning computer security in general, consumer privacy and companies like PayPal have [...]
