Archive | December, 2011


29 December 2011 | 28,819 views

Patator – Multi Purpose Brute Forcing Tool

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (false negatives several times in the past) They are slow (not multi-threaded or [...]

Continue Reading


28 December 2011 | 12,011 views

US Subway Stores POS Hacked For $3Million Dollars

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Continue Reading


22 December 2011 | 10,447 views

Social Engineering Vulnerability Evaluation and Recommendation Project

Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent. It is also intended to be the best way to teach novices about [...]

Continue Reading


20 December 2011 | 10,338 views

Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages

There have been a few stories about this in the past, I recall China Facing Problems With Android Handsets & Pre-installed Trojans that were draining people’s batteries and phone credit by sending messages to premium-rate numbers. The latest news is of a more technical nature, but it outlines ways in which cybercrooks may well be [...]

Continue Reading


19 December 2011 | 16,122 views

MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & Cracking Tool

MysqlPasswordAuditor is the FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications. If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you [...]

Continue Reading


15 December 2011 | 8,087 views

No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug

It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]

Continue Reading


07 December 2011 | 11,683 views

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention [...]

Continue Reading


05 December 2011 | 13,299 views

GCHQ Code Breaking Challenge Solved Through Googling

This is quite an amusing story, I’m sure many of you have read about the ‘hacking challenge’ set up by GCHQ and that they are looking to hire hackers cyber-security specialists through non-traditional channels. The thing that tickled me was, well there were two things actually..one that the challenge site was coded in ASP and [...]

Continue Reading


01 December 2011 | 31,581 views

The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command [...]

Continue Reading