Archive | 2010


07 December 2010 | 7,902 views

India Central Bureau of Investigation (CBI) Site Still Down

There has been quite a lot of chatter online about this case, politically there are long standing disputes between India and Pakistan and naturally these also extend to online wars – which inevitably end in defacement. The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau [...]

Continue Reading


03 December 2010 | 9,229 views

LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)

There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simple tool was released recently which focuses purely on LFI attacks. Functions Automatically find the [...]

Continue Reading


02 December 2010 | 13,919 views

Cloud Computing Use By Criminals Increasing

Over the last couple of years Cloud Computing has started gaining some real leverage, it’s being deployed on a wide scale, it’s becoming more affordable and the platforms supplying such services are becoming more stable. Of course the natural progression of this wider adoption is the focus of the security community and naturally the bad [...]

Continue Reading


01 December 2010 | 24,889 views

Armitage – Cyber Attack Management & GUI For Metasploit

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage [...]

Continue Reading


30 November 2010 | 9,501 views

Windows Vista & Windows 7 Kernel Bug Can Bypass UAC

Now this is not the first time Windows UAC has hit the news for being flawed, back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against [...]

Continue Reading


25 November 2010 | 13,177 views

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that [...]

Continue Reading


24 November 2010 | 17,442 views

SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud

It’s not the first time someone has pulled this off, back in November 2009 we wrote about Using Cloud Computing To Crack Passwords – Amazon’s EC2. Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with [...]

Continue Reading


22 November 2010 | 17,899 views

CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer

The Cryptohaze Multiforcer is a high performance multihash brute forcer with support for per-position character sets, and very good performance scaling when dealing with large hash lists. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes [...]

Continue Reading


19 November 2010 | 15,269 views

European Banks Seeing New Wave Of ATM Skimming

ATM hacking and skimming were often in the news a few years back, but since the banks ramped up the security on ATM machines – including anti-skimming devices – ATM fraud activities seemed to drop off. Remember the Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips and a bunch of people getting busted not [...]

Continue Reading


18 November 2010 | 46,568 views

Crunch – Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Some other options are: The Associative Word List Generator (AWLG) – Wordlists for Password Cracking CeWL – Custom Word List Generator Tool for Password Cracking RSMangler – Keyword [...]

Continue Reading