Archive | December, 2010


29 December 2010 | 9,394 views

IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers

IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the fuzzer will spoof those IOCTLs conforming to conditions specified in [...]

Continue Reading


24 December 2010 | 7,838 views

Merry Christmas 2010

No updates for today, it’s Christmas Eve! Just wanted to take this opportunity to wish all of you that celebrate a Merry Christmas 2010. See you next week :)

Continue Reading


23 December 2010 | 13,526 views

Car Immobilisers Using Weak Encryption Schemes

Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques like GPU based cracking – that just doesn’t cut it. The latest discovery of such implementations was [...]

Continue Reading


22 December 2010 | 16,998 views

WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation

There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded, one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking. There are others such as: Vicnum – Lightweight Vulnerable Web Application Web Security Dojo – Training Environment For Web [...]

Continue Reading


21 December 2010 | 12,609 views

Gawker CTO Outlines Security Improvements Post Breach

An e-mail from the Gawker CTO (Tom Plunkett) has been posted online and it outlines the security improvements that Gawker are planning to implement after the recent massive breach of user passwords from their database. As we mentioned recently, the U.S. Federal Bureau of Investigation is looking into the Gawker breach, which just goes to [...]

Continue Reading


16 December 2010 | 10,724 views

Honggfuzz – Simple Command Line Software Fuzzing Tool

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. Basically it’s a simple, easy to use via command-line interface, providing nice analysis of software crashes in a simple form of [...]

Continue Reading


15 December 2010 | 15,105 views

FBI Investigating Gawker Media User Database Password Ownage

After the non-stop action with WikiLeaks last week, the big news this week is the hack carried out on Gawker Media which exposed their users e-mail addresses and passwords. More than 200,000 password hashes (very lightly encrypted with DES) and e-mail combos can be downloaded on-line as a torrent file. Now this has had some [...]

Continue Reading


14 December 2010 | 16,915 views

SQLInject-Finder – Intelligent SQL Injection Detection Script

SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format. The output includes: The suspicious [...]

Continue Reading


09 December 2010 | 10,874 views

WikiLeaks Attacks Cause Rival DDoS Retaliation

The biggest news by far for the past week or so has been the attacks on WikiLeaks infrastructure after posting tens of thousands of classified cables online in a categorized form. Just a few days ago their DNS provider (EveryDNS) pulled the plug – apparently due to pressure from the US government, and also because [...]

Continue Reading


08 December 2010 | 13,846 views

TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords

TwitterPasswordDecryptor is the FREE tool to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that user don’t have to remember and enter the password every time. Each of these web browsers use their own proprietary encryption mechanism to store the login passwords [...]

Continue Reading