Archive | 2012


28 February 2012 | 9,215 views

MagicTree v1.1 Released For Download – Pen-Testing Productivity Tool

If you aren’t aware of what MagicTree is (yes, we wrote about MagicTree v1.0), think of it this way: have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting [...]

Continue Reading


21 February 2012 | 10,719 views

UK Facebook Hacker Jailed For 8 Months

It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties. I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low-hanging fruit. I’d imagine they are some of the most [...]

Continue Reading


15 February 2012 | 21,856 views

xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

xSQL Scanner is an advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers. Features: Test for weak password fast; Test for wear/user [...]

Continue Reading


07 February 2012 | 9,854 views

At Last – Adobe Launches Sandboxed Flash Player For Firefox

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – Adobe Promises [...]

Continue Reading


31 January 2012 | 20,145 views

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help penetration testers in the early stages of the project. It’s a really simple tool, but very effective. The sources supported [...]

Continue Reading


25 January 2012 | 11,835 views

Super Powered Malware Sandwiches Found In The Wild – Frankenmalware

Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area. It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so you can [...]

Continue Reading


19 January 2012 | 11,212 views

Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Installation As root, type:

Usage Run mobius_bin.py. You can download Mobius 0.5.10 here: mobiusft-0.5.10.tar.gz mobiusft-0.5.10.zip Or [...]

Continue Reading


12 January 2012 | 9,902 views

Sprint Adds Google Wallet Into New NFC Capable Phones

Oh look, another aspect of security and privacy to consider as Google pushes its mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper. If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia). The main concern here (security-wise) is [...]

Continue Reading


09 January 2012 | 13,882 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy [...]

Continue Reading


05 January 2012 | 16,792 views

Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though; worms of this type are usually geographically limited as they are targeting bank information – it’s better [...]

Continue Reading