Archive | October, 2010


29 October 2010 | 17,075 views

Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat

Well this seems to be a frequently recurring theme, yes there is yet another critical 0day vulnerability in Adobe products – pretty much across the board this time. It was that long ago that a critical flaw in Flash put Android phones at risk. The core vulnerability exists in Flash but it’s being actively exploited […]

Continue Reading


28 October 2010 | 41,386 views

Firesheep – Social Network Session Stealing/Hijacking Tool

A huge wave has been made by this tool in the mainstream media this week as it makes session stealing/hijacking a click and go procedure. It was released at Toorcon 12 and is simply a Firefox Add-on. Stealing sessions/passwords and so on is something we’ve been able to do for a LONG time using Wireshark […]

Continue Reading


27 October 2010 | 12,625 views

Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website

It’s been a while since Firefox has been in the news, but this is a fairly high profile case involving the Nobel Peace Prize website. It seems there is a race condition vulnerability in the latest versions of Firefox (including 3.6.11) that allows remote exploitation. In this case it was used via an iFrame on […]

Continue Reading


25 October 2010 | 18,128 views

The Social-Engineer Toolkit (SET) – Computer Based Social Engineering Tools

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has […]

Continue Reading


21 October 2010 | 7,369 views

Malware Pushers Abuse Firefox Warning Page

This is a pretty neat attack from the malware pushes leveraging on the ignorance of the average user – which in all honestly is a safe bet most of the time! You could consider it a Social Engineering attack as it’s taking something that’s familiar and changing it to deliver malware. I’m sure all the […]

Continue Reading


20 October 2010 | 8,733 views

NSDECODER – Automated Website Malware Detection Tool

NSDECODER is a automated website malware detection tool. It can be used to decode and analyze an URL to see if it host to malware. Also, NSDECODER will analyze which vulnerability has been exploited and the original source address of malware. Functions Automated analysis and detection of website malware. Detection for plenty of vulnerabilities. Log […]

Continue Reading


19 October 2010 | 7,602 views

Facebook Apps Leaking Personal Data To Third Parties

Less than a week after our story about Facebook Introducing OTP (One-time Password) Functionality to make the site more secure, their dubious privacy standards have hit the news again. Facebook privacy has been in the news numerous times and it’s a subject we’ve also covered many times, with the sheer mass of users on the […]

Continue Reading


18 October 2010 | 10,074 views

USBsploit 0.3b – Generate Reverse TCP Backdoors & Malicious .LNK Files

PoC to generate Reverse TCP backdoors (x86, x64, all ports), running Autorun or LNK USB infections, but also dumping all USB files remotely on multiple targets at the same time. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). The […]

Continue Reading


15 October 2010 | 12,826 views

Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

Once again WiFi security is in the news, this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds. While that sounds a little dramatic it wouldn’t surprise me if a lot still have no WEP key at all. And even if they […]

Continue Reading


14 October 2010 | 14,135 views

Windows Credentials Editor v1.0 – List, Add & Edit Logon Sessions

Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks. Supported Platforms […]

Continue Reading