Archive | September, 2010


14 September 2010 | 15,804 views

sessionthief – HTTP Session Cloning & Cookie Stealing Tool

sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, [...]

Continue Reading


10 September 2010 | 10,563 views

Email Worm Spreading Like Wildfire – W32.Imsolk/VBMania Variant

Oh this is a throw back to the 90s, a self-replicating e-mail worm based around a malicious screensaver (.scr) that sends itself to everyone in your address book. It seems this one is spreading fast though with hundreds of thousands of infections. Reminds of the heydays of ILOVEYOU and Anna Kournikova. A fast-moving email worm [...]

Continue Reading


09 September 2010 | 6,094 views

DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability

DllHijackAuditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the [...]

Continue Reading


08 September 2010 | 6,659 views

Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability

There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been known about for at [...]

Continue Reading


07 September 2010 | 13,027 views

Arachni – Web Application Vulnerability Scanning Framework

Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused [...]

Continue Reading


06 September 2010 | 5,135 views

Google Agrees To Pay $ 8.5 Million To Settle Buzz Class Action Lawsuit

And once again Google is in the news regarding privacy issues, this time it’s regarded their social networking service Buzz (which by all accounts is pretty much a flop). The way in which the service used Gmail users address books alarmed a lot of people and the default settings were rather risky and revealed a [...]

Continue Reading


03 September 2010 | 8,111 views

Malware Hash Checking Tool – Online & Offline Support

This program intends to detect a malicious file in two ways; online and offline. It calculates the md5 hash of a specified file and searches it in its current hash set (offline) or on VirusTotal site (online) and shows the result. It has http proxy support and update (for hash set) feature. It’s a simple [...]

Continue Reading


02 September 2010 | 6,006 views

Deutsche Post Security Cup – Bug Bounty Contest

The trend of paying for bugs is certainly catching on, the most recent entrant to the field is Deutsche Post the German postal service. They announced this week a security cup for their new online secure messaging service. The bug bounty trend has resurfaced recently with Mozilla increasing its bounty to $3000 and Google increasing [...]

Continue Reading


01 September 2010 | 8,608 views

Windows PowerShell DNS Server Blackhole Tool – Blacklist Domains

This is a Windows PowerShell Script to help you with blacklisting domains you wish to block in your networks. We have written about PowerShell before, it is something which can make the windows shell a lot more flexible. On the external DNS servers you can create primary zones for the domain names and FQDNs you [...]

Continue Reading