web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework. Current Functionality -S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language […]
Archives for April 2012
Microsoft Delivers 6 Out Of Band High Priority Security Updates
Now it was only last month when everyone was wrapped up in the MS12-020 RDP Exploit Code In The Wild issue. As it turns out, Microsoft have been hiding some more serious security issues under the carpet. Apparently attackers are already exploiting the MS12-027 flaw in ActiveX in the wild – although Microsoft of course […]
Carbylamine – A PHP Script Encoder to ‘Obfuscate/Encode’ PHP Files
Carbylamine is a PHP Encoder project, which can bypass all leading anti-virus detection against PHP Shells (C99, R57 etc) easily. It can be a very efficient tool for pen-testers when carrying out a black box test which involves inserting malicious code via PHP. Usage
1 |
carbylamine.php [file to encode] [output file] |
You can download Carbylamine here: carbylamine.php Or read more here.
Server Migration – Moved To Linode! And Changed To Nginx/PHP-FPM/APC/W3TC
So lately I’ve being doing a lot more DevOps stuff than security stuff and I’m pretty much enjoying it (apart from some of the tedious sys-admin stuff). So with some of the new stuff I’ve learnt along the way, I decided to move Darknet from a rather bloated managed VPS with 2GB of RAM and […]
Zero Day Java Vulnerability Exploited – Macs Infected With Flashback Malware
Interesting timing this one, just a couple of days ago we reported – Avira Joins The Crowd & Starts To Offer Mac Antivirus Software – and now an unpatched vulnerability in Java for Mac OS that is being exploited in the wild. The vulnerability (CVE-2012-0507) was patched in Java by Oracle back in February, but […]