Archive | April, 2011


28 April 2011 | 9,077 views

Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit

So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news has been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data loss, including user data for millions of users being stolen. All [...]



26 April 2011 | 10,904 views

OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool

The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic in offline storage where further analysis can be performed, i.e. all the kinds of analysis which are currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the HTTP traffic is stored in a MongoDB, the traffic is [...]



25 April 2011 | 7,254 views

Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far

There have been a few big stories in the past few days, one is of course the whole iPhone geo-location data tracking thing – but everyone was too busy checking into Foursquare to complain about that. The other is that the Sony PlayStation Network (PSN) basically got hacked, owned and raped. It’s still currently down and [...]



21 April 2011 | 8,693 views

SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity

The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity and BingDiggity. GoogleDiggity With [...]



20 April 2011 | 6,145 views

Microsoft Implements Company Policy For Vulnerability Disclosure

Microsoft has implemented a new company policy regarding vulnerability disclosure in non-Microsoft products (third-party products). Unsurprisingly they are following the ‘responsible disclosure’ line rather than the ‘full disclosure’ line favoured by the infosec community. It’s fair enough though; as they say, treat others as you wish to be treated. I’m pretty sure Microsoft would much [...]



19 April 2011 | 11,047 views

BodgeIt Store – Vulnerable Web Application For Penetration Testing

There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing. Features Easy to install – [...]



18 April 2011 | 7,770 views

Adobe Patches Latest Flash Zero Day Vulnerability

There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious. They don’t have a great reputation for testing their software before releasing [...]



14 April 2011 | 18,126 views

sqlmap 0.9 Released – Automatic Blind SQL Injection Tool

It’s been a while since we’ve written about sqlmap, the last time was when 0.7 was released back in July 2009 – sqlmap 0.7 Released – Automatic SQL Injection Tool. Well sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine. For those that [...]



13 April 2011 | 6,936 views

Microsoft Unleashes Record Breaking Patch Tuesday – April 2011

We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program. That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities [...]



12 April 2011 | 10,169 views

RawCap – Free Command Line Packet/Network Sniffer For Windows (Raw Sockets)

RawCap is a free command line network sniffer for Windows that uses raw sockets. Features: Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback); RawCap.exe is just 17 kB; No external libraries or DLLs needed other than .NET Framework 2.0; No installation required, just download RawCap.exe and sniff; Can sniff most [...]
