Archive | July, 2010


16 July 2010 | 11,870 views

Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month here. Rest assured that more is in store for Meterpreter on other platforms. A new extension called Railgun is now integrated into Meterpreter courtesy of [...]

Continue Reading


15 July 2010 | 6,133 views

Sunbelt Software Bought By GFI For An Undisclosed Sum

Looks like this is the way business is heading, especially in the software sector. As led by the giants Microsoft, acquisition is the way to get new and innovative software without having to produce it yourself! Sunbelt Blog is one of the few we actually link to in the sidebar and also read regularly. They [...]

Continue Reading


14 July 2010 | 9,091 views

Andiparos – Open Source Web Application Security Assessment Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the [...]

Continue Reading


12 July 2010 | 7,130 views

Australian Privacy Commissioner Rules Google Wifi Actions Illegal

Oh dear, poor Google seem to be catching all kinds of flak over their Wifi Data Collection. The UK Met are already investigating them and they are being pulled to pieces in Germany too with France also weighing in. The latest to jump on the bandwagon is Australia which is stating they have breached the [...]

Continue Reading


09 July 2010 | 10,644 views

REMnux: A Linux Distribution For Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically [...]

Continue Reading


08 July 2010 | 9,782 views

Regional Trojan Threat Targeting Online Banks

Well it was inevitable really, I’ve noticed in the last couple of years Phishing e-mails have started to use targeted lists especially for banking sites and the next up of course is trojans developed for specific regions. A security company Trusteer (who makes Rapport) has done some research on this matter which has pin-pointed certain [...]

Continue Reading


07 July 2010 | 17,011 views

Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. Features Full support for GET/Post/Cookie Injection Full support for HTTP Basic, Digest, NTLM and Certificate authentications Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, [...]

Continue Reading


06 July 2010 | 9,606 views

Tabnapping Attack On The Increase

This is an interesting new attack, I saw a live demo of it a while back here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for 5 seconds or more and you’ll see the favicon change to Gmail and the page [...]

Continue Reading


05 July 2010 | 8,237 views

inundator v0.5 Released – IDS/IPS/WAF Evasion & Flooding Tool

What is inundator? inundator is a multi-threaded, queue-driven, IDS evasion tool. Its purpose is to anonymously flood intrusion detection systems (specifically Snort) with traffic designed to trigger false positives via a SOCKS proxy in order to obfuscate a real attack. When would I use inundator? inundator would be used whenever you feel there is a [...]

Continue Reading


02 July 2010 | 4,854 views

Adobe Patches PDF Vulnerabilities Being Exploited In The Wild

At least! Adobe has sorted itself out and released patches for 17 critical vulnerabilities in their Reader and Acrobat applications. We reported back in January about Active Exploitation Of Unpatched PDF Vulnerabilities. The latest slew of vulnerabilities has been actively exploited by hackers for at least the past month as detected in the wild by [...]

Continue Reading